Safeguards: The What, Why, and How

Posted on July 14, 2019 by Meghan Davenport in Blog No Comments

Guest Blog Post by Tamara Beitel

Health Information Management Student, Centre for Distance Education, May 2015

Picture this, the reception room of the clinic was clean and organized, the patients were happy as they were quickly seen by an efficient, positive and qualified healthcare team. This is what happens when the clinic has taken the time to design their safeguards.

What are safeguards? Why are they important to you? How do you implement these safeguards into your clinic/office?

These are important questions to consider when thinking about safeguards. Implementing safeguards will make your clients/patients feel more confident that their personal information is safe. They will be more willing to share their information.

Why should you safeguard health information?

It is important to safeguard health information to protect your business, your reputation, and helps employees understand privacy, security and confidentiality. When your clients/patients see that you are actively making sure that their personal information is safe, they feel more confident in sharing that information knowing it will be protected.

What are safeguards?

There are three types of safeguards to use in maintaining the privacy and confidentiality of health information in your clinic.

Administrative safeguards are the policies and procedures and other written documents. Policies and procedures direct staff to properly access patient information, privacy training for staff, monitoring the policies and procedures, dealing with receiving and responding to privacy complaints and inquiries, and dealing with transferring, retaining and destroying personal information contained on electronic devices.

There is privacy breach management to help prevent or in case of a breach what the procedure is in dealing with the breach. In the blog, When is a privacy breach a privacy breach?, it discusses the repercussions of not implementing breach policies and also discusses the legislation that is in place to safeguard personal information from breaches. It is important to acknowledge when a breach has occurred, that you have taken the proper steps to address the breach, and have learned from the breach so as not to repeat the same mistakes.

Examples of Policies and Procedures:

Signed oaths of confidentiality for all affiliates
Screens should be private and not viewable from public areas
Prohibit disclosure of patient diagnostic, treatment and care information over the phone, even to an individual who claims to be the patient

Technical Safeguards are controls that protect and control access to personally identifiable and health information. Technical safeguards include electronic devices, surveillance cameras, security systems, and telephone systems. Let’s focus on electronic health information and computer networks for example.

Audits of the security and computer systems are vital to maintain privacy and security of personal information. Through audits you can enforce compliance of the policies and procedures and see where changes, if any, are needed. It helps the staff to be aware of the importance in protecting the client/patient personal information. They see that there are consequences for not following policies and procedures.

You should also be aware of the risks from external threats. These include:

identity theft
loss of information
information shared with unauthorized individuals
Some examples of external threats are: malware (malicious software, designed to infiltrate or damage a computer system), spyware (a type of malware that collects information, such as key loggers), and irresponsible use of the Internet

Mitigation strategies include:

regular training and refreshers on privacy and security
IT professionals reassess any software/hardware additions/changes

Examples of technical safeguards in electronic medical records (EMRs) are:

Strong passwords
Encryption of data
Using role-based access to limit access to health information to a need to know basis (user-based access rights ((secure)), role-based rights ((more secure)) and context-based rights ((most secure))

Physical Safeguards are the physical measures used to protect electronic health information from unauthorized access. This includes precautions to prevent break-ins, theft of computers and files, unauthorized access to personal information, applying physical barriers and control procedures against threats to personal information, and policies and procedures on locking up at night, computer etiquette, and office set up (how and where computers, fax machines etc. are set up).

Examples of physical safeguards are:

Limiting access to the building, clinic and storage areas
Alarms and security cameras, doors and locks, lighting
Placing fax machines and printers out of sight and reach of public areas

Safeguards Next Steps

All three of the safeguards should be used in conjunction with each other. The use of these safeguards will help protect your client/patient information from breach, identity theft, loss and unauthorized access. You have the power to make the clinic/office safe from threats to security, privacy and confidentiality. Your clients/patients will know that you have taken all reasonable steps to ensure that their personal information has been protected and appreciate it. It is beneficial to your clinic to review all of your safeguard measures with staff and have regular audits, reviews, updates to the policies and procedures, systems, and security of the clinic. There are many self-assessment tools available from the Privacy Commissioners in the provinces and from the federal government. See the resources below.

About the author: Tamara Beitel has successfully completed the Health Information Management Diploma at Centre for Distance Education, she is currently preparing to challenge the National Certification Exam in July 2015. Tamara is looking forward to work as a Certified Health Information Management (CHIM) professional in the area of policy and privacy protection in the Calgary area.

Resources

Privacy Awareness Training– Corridor Interactive – Privacy Awareness in Healthcare: Essentials

Jean Eaton, When is privacy breach a privacy breach? https://informationmanagers.ca/privacy-breach-privacy-breach/

Office of the Information and Privacy Commissioner of Alberta

Office of the Privacy Commissioner of Canada

best practice, clinic management, good security practices, privacy, privacy breach, Safeguards, security

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Posted on September 11, 2017 by Jean Eaton in 15 Day Privacy Challenge, Blog, Upcoming events/workshops

Is this you?

Paul clicked on a link in an email that encrypted all his data on his computer and now he has to pay a ransom to get the data back.

Mary used her work email address to register for the course, “Ready to leave your job?” Now her boss thinks that she is looking for a new job.

Alice did not follow your clinic policies and procedures properly and she left a confidential message with the wrong patient.

Bob is a new employee and will start his orientation tomorrow.

They each use the internet for their personal lives and as an employee. You need to know the best practices on the internet and how to protect your personal information. It's easy once you know how!

The 15 Day Privacy Challenge is a fun, FREE online educational opportunity on privacy and security that you can use at home or at work. Enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches when you use these practical tips, tools, and resources.

This free online course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

We are official champions of the National Cyber Security Awareness Month (NCSAM). October is Cyber Security Awareness Month and Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.

The 15 Day Privacy Challenge starts October 15th, for fifteen days.

The challenge includes tasks centered on a privacy or security best practice. Each challenge includes a short description about why this practice is important, how to get started, and links to additional resources. Each challenge will take approximately 15 minutes to complete. All activities are online and accessible from any internet enabled device.

[clickToTweet tweet=”Practical #privacy and security tips for home or office – FREE! #15DayPrivacyChallenge #CyberAware” quote=”15 Day Privacy Challenge – Practical privacy and security tips for the internet enabled home and office – FREE!”]

Businesses and healthcare providers are legally responsible to ensure that every employee, contractor, and vendor receives privacy and security training, including cyber awareness. Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by being up to date on privacy and security best practices.

Training is the cornerstone of every privacy and security program.

People love games, challenges, and cyber competitions to create variety and interest in privacy and security best practices. The 15 Day Privacy Challenge uses a variety of multi-media content that everyone in your practice can understand. Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but Privacy Awareness Training is your logical first step.

The 15 Day Privacy Challenge starts October 15th, for fifteen days.

The 15 Day Privacy Challenge includes easy to access on-line resources delivered each day. You will have access to all of the resources for one year on the website.

BONUS – access to discussion group with other participants to share your tips.

What People Are Saying

Don't just take it from us, here is what previous participants are saying:

“The 15 Day Privacy Challenge has given me some additional information on day-to-day responsibilities that I hadn't considered until now. Each Privacy Challenge has been so informative and I've been sharing it with our office staff.”

Vera. Alberta Health Services

“The 15 Day Privacy Challenge has made me aware of the policies that my facility needs to update/create!”

Rachel Worthing, CHIM, Ontario Shores Centre for Mental Health Sciences

“The 15 Day Privacy Challenge has given me some great resource information and helped me to identify the areas that I need to work on. I found value in almost all of the Privacy Challenges, but I would say Risk Assessment, Social Media, Email Phishing and Spam, and Confidentiality are the top four.”

Sharon

The 15 Day Privacy Challenges includes:

Posters
Short articles with practical information
Videos
Infographics
Links to additional free resources
Certificate of completion

The 15 Day Privacy Challenge includes practical tips on:

Confidentiality
Privacy Collection
Manage USB Sticks and Mobile Devices
Computer Backup
Computer Security
Spam email, Phishing emails, Spear-phishing
Privacy Officer Education
The Right to Access Your Own Personal Information
Change Your Passwords
Employee Orientation
Social Media
Risk Assessment
Privacy Breach Reporting

At the end of the challenge, you will receive a printable certificate of completion. Successful challengers might also find that this qualifies for CPE credits, too!

You will also have many more tools to add to your privacy tool box!

You can do this yourself or make it a team event. The finished tasks and poster will contribute to your business' Privacy Management Program. Proudly display your poster to your co-workers and customers to show the steps you have taken to manage privacy and security.

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

Register right away while this is fresh in your mind! You won’t want to miss a single one!

Yes, I'm ready to take the Privacy Challenge!

Includes the webinar on October 19 – Do Your Club Volunteers Protect Your Privacy?

Along with your webinar registration, you will also benefit from the occasional Privacy Nugget tips by email of similar privacy resources and articles that you can use right away!

#15DayPrivacyChallenge, #CyberAware, #NCSAM, 15 Day Privacy Challenge, healthcare, Practical Privacy Coach, Practice Management Mentor, privacy, privacy awareness, privacy officer, security, security awareness, training

Cyberextortion – Is Your Patient’s Health Information Protected?

Posted on May 19, 2017 by Jean Eaton in Blog

Alice had a few minutes before the clinic opened and the first patients arrived. She logged onto the computer and then her personal email through a webmail connection. She checked through her messages and opened an email from a supplier. She followed a link to a website looking for a deal on office supplies and was shocked to find pornographic images!

Alice closed the browser and closed her email.

Then she saw the message on the clinic's computer screen, “This operating system has been locked for security reasons. You have browsed illicit material and must pay a fine.”

Alice could not access any of the files on the computer, not even the clinic's electronic medical record (EMR).

Is data the new hostage?

Cyberextortion is a crime involving an attack or threat of attack followed by a demand for money to avert or stop the attack. Cybercriminals have developed ransomware which encrypts the victim's data.¹

A healthcare business has many types of data on the computer network – patient health information, employee personnel records, fee for service billing, accounting and tax information. That information is important to you – and makes it a valuable target for cybercriminals.

The motive for ransomware attacks is monetary, and unlike other types of security exploits, the victim is usually notified that an attack has occurred and is given instructions for how to recover data. Payment for recovery instructions is often demanded in virtual currency (bitcoin) to protect the criminal's identity. (see WhatIs.com for more information)

Here's what you should be doing now to prevent cyberextortion on your computer network.

Know where all your data is kept – your active patient records, archived patient records, billing records, etc. Remember to reclaim data that you may have left behind with previous vendors – transcriptionist, billing agents, remote data, retired EMR vendors, etc.
Collect only the information that you need; not information that might be nice to know or that you might have a use for in the future.
Install or update endpoint security solutions anti-malware and anti-virus software.
Backup your data with secure encryption. Make sure that you have the encryption key and that you know how to use it. Test restore the backup and test the encryption key, too.
Keep your backup separate from your computer network. You might store your backup on encrypted external drives or remote backup. But don't keep your backup device connected to your computer. If you are attacked by ransomware, the backup device can be locked. too.
Is your current back-up device secure? Your backup should be maintained in an area with appropriate physical safeguards – for example, in a locked, secure, filing drawer, safe or data centre in a location separate from the computer network.
Learn how to recognize phishing attacks so that you can prevent cyber attacks, too.

Risk can be mitigated through use of appropriate safeguards that will lessen the likelihood or consequences of the risk. Layers of safeguards – administrative, technical, physical – will help to prevent privacy and security breaches. When both the likelihood of the risk and the risk of harm is high, the more layers of safeguards should be considered to mitigate the risk.

Risk mitigation assessment is part of a privacy impact assessment (PIA). (What is a PIA?)

Review your current security policies and software with your technical support. If you have a small business and don't have in-house technical support, outsource a security review. Update your risk assessment. [clickToTweet tweet=”Don't become a victim of cyberextortion. #PrivacyAwarwe” quote=”Don't become a victim of cyberextortion.”]

Have you seen this?

The Office of the Information and Privacy Commissioner (OIPC) of Alberta has released an ‘Advisory for Ransomware'. You can learn more about preventative measures and ransomware response here.

10 Fundamental Cybersecurity Lessons for Beginners, by Jonathan Crowe, Nov 11 2015 to help you get started on improving your security.

See getcybersafe.ca for more information on common internet threats and on how cyber attacks affect businesses.

References

Search Security Tech Target. cyberextortion definition

cyberextortion, health care, healthcare, phishing, Practical Privacy Coach, privacy, ransomware, Safeguards, security

How to Prevent Phishing Attacks

Posted on January 27, 2017 by Jean Eaton in Blog

“Hello Dear sir/madam, I have received large sum of money to be transferred to your bank account.Please to email me right away with your account information. Many thanks.”

Ever get one of these emails? We're pretty good at recognizing this kind of scam, but cyber criminals are very clever to find new ways to hijack our personal data.

These kinds of attacks are called “social engineering attacks” and they include “phishing”, “spear phishing”, “pharming” and “vishing“. These attacks exploit human tendencies of wanting to be helpful to people in need, trusting those with some form of authority, or even just being curious or greedy.

By claiming to be a system administrator who needs your password to fix your account, or your credit card company needing to verify your credit card number and expiration date, or someone from far away who will give you millions of dollars as soon as you send him some money first….these are all ways to gain unauthorized access to systems or information in order to commit fraud or identity theft.

It only takes one click!

A phishing scam usually involves an e-mail that encourages a user to click on a link, which could then expose the user’s computer to malicious software. The software can then open the doors to unauthorized disclosure of information, loss of information and/or denial of network service.

We have also seen an increase in the number of ransomware attacks where the attacker, once inside the victim’s system, changes the passwords or encrypts the data from the authorized users’ files. The attacker then demands that the owner pay them to return access to the information.

Last year, the Canadian Revenue Agency was forced to delay the tax-filing deadline because its network was exposed to the Heartbleed bug, which essentially allows unauthorized people to access supposedly protected Internet traffic. A computer-science student in London, Ont., is facing several charges for exploiting the vulnerability created by the bug to access sensitive information. (The Globe and Mail May 14, 2015.)

Don't get caught on the phish-hook!

There are many creative ‘cyber bad guys' who love to trick you into providing your personal information. You need to educate yourself about the kind of scams out there, and take heed to prevent a cyber attack.

[clickToTweet tweet=”Employees are widely considered to be the weakest link in security infrastructure. Be #PrivacyAware” quote=”Employees are still widely considered to be the weakest link in any security infrastructure, so it’s no surprise that phishing remains so popular and effective. “]

The fact is, good phishing email looks just like regular messages from people we know and care about, and to make matters worse, it can also be difficult to detect.

When it comes to phishing, prevention is the best defense. Investing in employee education and training now can save you a great deal of time and effort further down the line.

How Do You Avoid Being a Victim?

Tip – Be secure, be suspicious, be up-to-date.

Instructions

Click the image to download the pdf

Learn more about phishing – The Office of the Privacy Commissioner of Canada has a Top 10 tips to protect your inbox, computer and mobile device.
Educate yourself – and your staff and family– about cyber security awareness. Use the ‘The Realist’s Guide to Cybersecurity Awareness’ from Barkly to help you with ideas on how you can create a privacy and security awareness program.
Print the poster 5 Ways to Help Employees be Privacy Aware.
Use the Family Digital Chores Checklist from ESET-NCSA to remind you to conduct routine digital maintenance at home and at work.
Be suspicious of emails from financial institutions or other organizations hat ask you to provide personal information online. Reputable firms never ask for information in this manner.
Look closely for clues to fraudulent emails like a lack of personal greetings and spelling or grammatical mistakes.
Verify a phone number before calling it – if someone left you a message or sent an email claiming to be from your financial institution, make sure you check that the number is the one printed on the credit card or your bank statement.

Celebrate Data Privacy Day with Information Managers!

[clickToTweet tweet=”Practical #Privacy tips, tools, and resources! Get it before it's gone. #PrivacyAware” quote=”Concerned about your privacy online? The FREE Data Privacy Day E-course makes it easy for you to enjoy the benefits of the internet while protecting your privacy.”]
It's easy, fun and filled with practical tips, tools, and resources!

Click here: Get it before it's gone.

Follow Data Privacy Day around the world using Twitter and #PrivacyAware.

#PrivacyAware, Data Privacy Day, email phishing, phishing, Practical Privacy Coach, prevent phishing attacks, privacy awareness, security

Smartphone Privacy Tips

Posted on January 26, 2017 by Jean Eaton in Blog

Ah, smartphones. The wonderful technology that lets us call, text, email, and Facebook to our heart's content, all while throwing some digital angry birds. What's not to love?

Quite a lot, actually, if you fail to protect your privacy.

Smartphones can store and transmit a wide range of data that third parties can access – such as your contact list, your pictures, and your browsing history. They are also vulnerable to viruses and malware that can compromise your personal information. Many apps that you have downloaded or pre-installed use geo-location, which allows you to be tracked wherever you go. Using Wi-Fi hotspots are a great way to get around paying for data usage on your phone bill, Wi-Fi hotspots can also leave you vulnerable to intrusion.

Wondering if a smartphone is a good idea for your child?

Taylor Tompkins provides step by step instructions on how you can modify your child’s smart phone security settings to help you limit the phone’s applications that meet parental approval and empower your child to use their smartphone responsibly.

For more security tips for your SmartPhone, including a review of apps, how to secure your work email, access your bank from your mobile device, make safe purchases on your mobile, and reduce security breaches see, “Smartphone Security Guidance” (TigerMobiles.com)

Memory Devices Too

Sometimes we forget that our cell phones are memory devices, too. Plugging in your cell phone to a computer USB port might be convenient way to listen to music while you are at work or to charge up your phone – but it is also a way to upload viruses from the phone to the computer or to download data from the computer to the cell phone![clickToTweet tweet=” Don't let employees plug in their phones to your computers at work. #PrivacyAware” quote=” Don't let employees plug in their phones to your computers at work.”]

Do You Use a Digital Wallet?

Using your phone to pay for your purchases is the ultimate convenience. Not surprisingly, it comes with additional risks, too. VISA recommends users to keep “L-O-K” in mind to add extra layers of security to protect your digital wallet. See more details here:

How to “LOK” down your digital wallet

So how do you protect your mobile privacy?

Tip – Secure and protect your phone to protect your smartphone privacy.

Instructions

Secure your phone with a unique password
Protect your phone with security software and update its operating system when prompted
Opt-out of the location service feature – many apps do not need geo-location enabled to work
Limit the type of business you conduct using Wi-Fi hotspots. If you use Wi-Fi frequently, consider using a VPN connection. See the infographic from Point-Bl_nk Communications
Turn off blue-tooth and Wi-Fi roaming; turn it on only when you need it
Help the Good Samaritan return your lost phone; enable your screen lock display with a contact phone number or email to find you.

For more smartphone privacy tips, see Information Managers Data Privacy Day E-course. Get it before it's gone!

Resources

Ackroyd, Brandon. “Smartphone Security Guidance” (TigerMobiles.com) 2015- Dec-14.

Martin, Stacy. “Helpful or Creepy? The Creep-O-Meter Could Help You Find Out” Stay Safe Online Blog 2015-Nov-13.

Tompkin, Taylor. Empowering Your Child to Use Their Smartphone Responsibly, Stay Safe Online Blog, 2013-Jul-16.

See all the Data Privacy Day E-course resources posted each day on our website.

Celebrate Data Privacy Day with Information Managers!

[clickToTweet tweet=”Concerned about your privacy online? Practical tips, tools, and resources! Get it before it's gone. #PrivacyAware. ” quote=”Celebrate Data Privacy Day with Information Managers! Tweet This!”]

Concerned about your privacy online? The FREE Data Privacy Day E-course makes it easy for you to enjoy the benefits of the internet while protecting your privacy.
It's easy, fun and filled with practical tips, tools, and resources! Get it before it's gone.

Follow Data Privacy Day around the world using Twitter and #PrivacyAware.

We are proud to be a Data Privacy Day Champ!

#PrivacyAware, Data Privacy Day, Practical Privacy Coach, Practice Management Mentor, privacy awareness, security, smart phone security, smartphone privacy tips

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Posted on September 18, 2016 by Jean Eaton in 15 Day Privacy Challenge, Blog

Is this you?

Paul clicked on a link in an email that encrypted all his data on his computer and now he has to pay a ransom to get the data back.

Mary used her work email address to register for the course, “Ready to leave your job?” Now her boss thinks that she is looking for a new job.

Alice did not follow your clinic policies and procedures properly and she left a confidential message with the wrong patient.

Bob is a new employee and will start his orientation tomorrow.

They each use the internet for their personal lives and as an employee. You need to know the best practices on the internet and how to protect your personal information. It's easy once you know how!

The 15 Day Privacy Challenge is a fun, FREE educational opportunity on privacy and security that you can use at home or at work. Enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches when you use these practical tips, tools, and resources.

This free course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

October is Cyber Security Awareness Month and Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.

The 15 Day Privacy Challenge starts October 14th, for fifteen days.

The challenge includes tasks centered on a privacy or security best practice. Each challenge includes a short description about why this practice is important, how to get started, and links to additional resources. Each challenge will take approximately 15 minutes to complete.

Businesses and healthcare providers are legally responsible to ensure that every employee, contractor, and vendor receives privacy and security training, including cyber awareness. Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by being up to date on privacy and security best practices.

Training is the cornerstone of every privacy and security program.

People love games, challenges, and cyber competitions to create variety and interest in privacy and security best practices. The 15 Day Privacy Challenge uses a variety of multi-media content that everyone in your practice can understand. Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but Privacy Awareness Training is your logical first step.

privacy-challenge-information-managers-event-fb-2016-nolink

The 15 Day Privacy Challenge starts October 14th, for fifteen days.

The 15 Day Privacy Challenge includes easy to access on-line resources delivered each day. You will have access to all of the resources for one year on the website.

BONUS – access to discussion group with other participants to share your tips.

The 15 Day Privacy Challenges includes:

Posters
Short articles with practical information
Videos
Infographics
Links to additional free resources
Certificate of completion

The 15 Day Privacy Challenge includes practical tips on:

Confidentiality
Privacy Collection
Manage USB Sticks and Mobile Devices
Computer Backup
Computer Security
Spam email, Phishing emails, Spear-phishing
Privacy Officer Education
The Right to Access Your Own Personal Information
Change Your Passwords
Employee Orientation
Social Media
Risk Assessment
Privacy Breach Reporting

At the end of the challenge, you will receive a printable poster, bragging rights, and an opportunity to win a draw for a small prize basket (Canadian participants, only).

You will also have many more tools to add to your privacy tool box!

You can do this yourself or make it a team event. The finished tasks and poster will contribute to your business' Privacy Management Program. Proudly display your poster to your co-workers and customers to show the steps you have taken to manage privacy and security.

Successful challengers might also find that this qualifies for CPE credits, too!

Register for the 15 Day Privacy Challenge!

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

Register right away while this is fresh in your mind! You won’t want to miss a single one!

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, healthcare, Practical Privacy Coach, Practice Management Mentor, privacy, privacy awareness, privacy officer, security, security awareness, training

Making Passwords Secure in Your Healthcare Practice

Posted on April 14, 2016 by Jean Eaton in PMN Replay, PMN Stitcher

In this FREE 30-minute Practice Management Nugget Webinar with Dovell Bonnett you will learn how to fix the weakest cybersecurity link in your healthcare practice.

Dovell Bonnett, “The Password Guy”, corrects the errors, misconceptions and lies about passwords

Dovell will explain why password management is the key component of managing the cybersecurity of your healthcare practice.

You need to understand how to properly implement reasonable cyber safeguards to:

protect your businesses from cyber-attacks
free individual computer users from cumbersome security policies, and
put IT administrators back in control of their networks

Replay is ready! Recorded Live April 21, 2016.

Replay will be available for a limited time . . . unless . . .

If you are a member of Information Managers Network you will have continued access to the replay and resources ‘forever' (as long as the internet is around).

You can return to this page (mark it as a favourite in your menu bar) – or from your Members Account Login – http://informationmanagers.ca/account/

See you soon!

Jean

Ask your questions here or use the chat:

“Expensive backend cybersecurity products are worthless when the virtual front door has a lousy lock!”

Dovell Bonnett

The management of passwords is the real security nightmare.

User authentication is the most ignored risk to enterprise cybersecurity. When end users are allowed to generate, know, remember, type and manage their own passwords, IT has inadvertently surrendered the job title Network Security Manager to employees – the weakest link in the cybersecurity chain.

Dovell Bonnett reveals the truth about the elephant in the room that no one wants to mention: Expensive backend security is worthless when the virtual front door has a lousy lock! Making Passwords Secure breaks down THE SIMPLE TRUTH about Multi-Factor Authentication (and how to make MFA fast, easy and affordable)!

Dovell proves that making passwords secure is not only possible, passwords can actually become an effective, cost efficient and user friendly feature of robust cybersecurity. After examining how encryption keys are secured, this book introduces a new strategy called Password Authentication Infrastructure (PAI) that rivals digital certificates.

Passwords are not going away.
What needs to be fixed is how passwords are managed.

Dovell Bonnett has been creating computer security solutions for over 20 years. His passionate belief that technology should work for humans, and not the other way around, has lead him to create innovative solutions that protect businesses from cyber-attacks, free individual computer users from cumbersome security policies, and put IT administrators back in control of their networks.

He has spent most of his career designing solutions to solve business security needs, incorporating multiple applications onto single credentials using both contact and contactless smartcards. The most famous example of his work is the ID badge currently used by all Microsoft employees.

Dovell has contributed to numerous papers for the Smart Card Alliance organization; magazines, including Card Manufacturing Magazine; and is the author of two books, Online Identity Theft Protection for Dummies® and Making Passwords Secure: How to Fix the Weakest Link in Cybersecurity. Dovell is a frequent speaker and sought-after consultant on the topic of passwords, cybersecurity, and building secure, affordable and appropriate computer authentication infrastructures.

hosted by Jean Eaton of Information Managers Ltd.

Your Practice Management Mentor and Practical Privacy Coach

cyber security, Dovell Bonnett, Multi-Factor Authentication, PAI, Password Authentication Infrastruture, password management, Practice Management Mentor, privacy, Report this, security

Making Passwords Secure in Your Healthcare Practice

Posted on April 14, 2016 by Jean Eaton in Archive

In this FREE 30-minute Practice Management Nugget Webinar with Dovell Bonnett you will learn how to fix the weakest cybersecurity link in your healthcare practice.

Dovell Bonnett, “The Password Guy”, corrects the errors, misconceptions and lies about passwords

Dovell will explain why password management is the key component of managing the cybersecurity of your healthcare practice.

You need to understand how to properly implement reasonable cyber safeguards to:

protect your businesses from cyber-attacks
free individual computer users from cumbersome security policies, and
put IT administrators back in control of their networks

Have you seen this?

post-it notes on computer monitors with the password written on it
computer users sharing the same credentials
passwords that are easy to guess

“Expensive backend cybersecurity products are worthless when the virtual front door has a lousy lock!”

Dovell Bonnett

The management of passwords is the real security nightmare.

User authentication is the most ignored risk to enterprise cybersecurity. When end users are allowed to generate, know, remember, type and manage their own passwords, IT has inadvertently surrendered the job title Network Security Manager to employees – the weakest link in the cybersecurity chain.

Dovell Bonnett reveals the truth about the elephant in the room that no one wants to mention: Expensive backend security is worthless when the virtual front door has a lousy lock! Making Passwords Secure breaks down THE SIMPLE TRUTH about Multi-Factor Authentication (and how to make MFA fast, easy and affordable)!

Dovell proves that making passwords secure is not only possible, passwords can actually become an effective, cost efficient and user friendly feature of robust cybersecurity. After examining how encryption keys are secured, this book introduces a new strategy called Password Authentication Infrastructure (PAI) that rivals digital certificates.

Passwords are not going away.
What needs to be fixed is how passwords are managed.

Register here for the FREE Webinar with Dovell Bonnett.

Email Address

Dovell Bonnett has been creating computer security solutions for over 20 years. His passionate belief that technology should work for humans, and not the other way around, has lead him to create innovative solutions that protect businesses from cyber-attacks, free individual computer users from cumbersome security policies, and put IT administrators back in control of their networks.

He has spent most of his career designing solutions to solve business security needs, incorporating multiple applications onto single credentials using both contact and contactless smartcards. The most famous example of his work is the ID badge currently used by all Microsoft employees.

Dovell has contributed to numerous papers for the Smart Card Alliance organization; magazines, including Card Manufacturing Magazine; and is the author of two books, Online Identity Theft Protection for Dummies® and Making Passwords Secure: How to Fix the Weakest Link in Cybersecurity. Dovell is a frequent speaker and sought-after consultant on the topic of passwords, cybersecurity, and building secure, affordable and appropriate computer authentication infrastructures.

Thursday, April 21, 2016

Join us for Practice Management Nugget Webinar

Making Passwords Secure with

Dovell Bonnett

Email Address

hosted by Jean Eaton of Information Managers Ltd.

Your Practice Management Mentor and Practical Privacy Coach

cyber security, Dovell Bonnett, Multi-Factor Authentication, password management, Practice Management Mentor, privacy, Report this, security

7x Your Professional Education – for Members of Information Managers Network

Posted on April 7, 2016 by Jean Eaton in Practice Management Nugget Interview

In this FREE 30-minute Practice Management Nugget Webinar with Dustin Rivers you will get a behind-the-scenes peak at the upcoming 2016 Saskatchewan Connections conference.

The Connections events are each regionally based conferences designed for Access, Privacy, Security and Information / Records Management professionals working for public agencies.

Through a series of plenary, breakout and workshop sessions, delegates will gain a clearer understanding of access to information, protection of privacy, information security, and records management issues that arise in organizations subject to FOIP, LAFOIP, and HIPA. More importantly, discussion focuses on the connections between these disciplines.

25+ sessions and 35+ speakers over 2 days

Regina SK May 10-11, 2016

Learn how you can 7x your professional education starting with listening to this interview with Dustin Rivers, Executive Director, Verney Conference Management right now!

The 2016 Saskatchewan Connections: Access, Privacy, Security, Records Management & Health IM Conference, is also part of a series of regionally based conferences, all based on similar themes. They are the only multi-disciplinary, cross-jurisdictional, and community-based developed events for the greater public service across Canada. As a value-added bonus, participants of this event also receive access to the presentations from these Connections events in the same calendar year!

Verney Conference Management

www.ontarioconnections.ca

www.manitobaconnections.ca

www.maritimeconnections.ca

www.nlconnections.ca

www.skconnections.ca

Whether you are a new attendee, have attended many times in the past, are new to the field or are a seasoned veteran…this event will offer something for everyone.

Recorded Thursday, April 7, 2016

7x Your Professional Education

This conference is for you if you are an

Access & Privacy Professional
Information Technology and Information Security Expert
Academic
Lawyer
Human Resources Professional
FOIP/LAFOIP Officer
Federal Public Servant
Communications Manager
Information / Records Manager
Municipal Employee
Service Delivery Personnel
Chief Privacy Officer
Chief Counsel
Security Officer

You should also attend if:

You are a member of your organization's library community and are concerned with how information is categorized and retrieved
You are an archivist and are responsible for managing legal and historically significant information
You are a manager responsible for program and/or client records of all kinds, including personal, secure and classified information
You are a knowledge manager responsible for designing and leveraging the information management practices of your organization
You are interested in managing information for the purposes of:
- Service Improvement
- Service Transformation
- Management Accountability Framework response
- Departmental Audit
- Program Management
- Information Technology Deployment and Optimization

Dustin Rivers Executive Director Verney Conference Management

Dustin Rivers

Dustin Rivers is the Executive Director of Verney Conference Management.

Since 2002, Dustin and Verney have been providing Conference Management Solutions across Canada.

hosted by Jean Eaton of Information Managers Ltd.

Your Practice Management Mentor and Practical Privacy Coach

Register for the 2016 Saskatchewan Connections event

access, access and privacy confernce, Health IM, privacy, Records Management, Regina, Saskatchewan, security, Verney Conference Management

7x Your Professional Education

Posted on April 5, 2016 by Jean Eaton in PMN Replay

In this FREE 30-minute Practice Management Nugget Webinar with Dustin Rivers you will get a behind-the-scenes peak at the upcoming 2016 Saskatchewan Connections conference.

The Connections events are each regionally based conferences designed for Access, Privacy, Security and Information / Records Management professionals working for public agencies.

Through a series of plenary, breakout and workshop sessions, delegates will gain a clearer understanding of access to information, protection of privacy, information security, and records management issues that arise in organizations subject to FOIP, LAFOIP, and HIPA. More importantly, discussion focuses on the connections between these disciplines.

25+ sessions and 35+ speakers over 2 days

Regina SK May 10-11, 2016

Learn how you can 7x your professional education starting with listening to this interview with Dustin Rivers, Executive Director, Verney Conference Management right now!

The 2016 Saskatchewan Connections: Access, Privacy, Security, Records Management & Health IM Conference, is also part of a series of regionally based conferences, all based on similar themes. They are the only multi-disciplinary, cross-jurisdictional, and community-based developed events for the greater public service across Canada. As a value-added bonus, participants of this event also receive access to the presentations from these Connections events in the same calendar year!

Verney Conference Management

www.ontarioconnections.ca

www.manitobaconnections.ca

www.maritimeconnections.ca

www.nlconnections.ca

www.skconnections.ca

Whether you are a new attendee, have attended many times in the past, are new to the field or are a seasoned veteran…this event will offer something for everyone.

Thursday, April 7, 2016

(replay available for a limited time)

Join us for Practice Management Nugget Webinar

7x Your Professional Education

This conference is for you if you are a an

Access & Privacy Professional
Information Technology and Information Security Expert
Academic
Lawyer
Human Resources Professional
FOIP/LAFOIP Officer
Federal Public Servant
Communications Manager
Information / Records Manager
Municipal Employee
Service Delivery Personnel
Chief Privacy Officer
Chief Counsel
Security Officer

You should also attend if:

You are a member of your organization's library community and are concerned with how information is categorized and retrieved
You are an archivist and are responsible for managing legal and historically significant information
You are a manager responsible for program and/or client records of all kinds, including personal, secure and classified information
You are a knowledge manager responsible for designing and leveraging the information management practices of your organization
You are interested in managing information for the purposes of:
- Service Improvement
- Service Transformation
- Management Accountability Framework response
- Departmental Audit
- Program Management
- Information Technology Deployment and Optimization

Dustin Rivers Executive Director Verney Conference Management

Dustin Rivers

Dustin Rivers is the Executive Director of Verney Conference Management.

Since 2002, Dustin and Verney have been providing Conference Management Solutions across Canada.

hosted by Jean Eaton of Information Managers Ltd.

Your Practice Management Mentor and Practical Privacy Coach

Register for the 2016 Saskatchewan Connections event

access, access and privacy confernce, Health IM, privacy, Records Management, Regina, Saskatchewan, security, Verney Conference Management

Guest Blog Post by Tamara Beitel

Why should you safeguard health information?

What are safeguards?

Safeguards Next Steps

Resources

Is this you?

This free online course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

The 15 Day Privacy Challenge starts October 15th, for fifteen days.

What People Are Saying

The 15 Day Privacy Challenges includes:

The 15 Day Privacy Challenge includes practical tips on:

Yes, I'm ready to take the Privacy Challenge!

Is data the new hostage?

Here's what you should be doing now to prevent cyberextortion on your computer network.

Have you seen this?

It only takes one click!

Don't get caught on the phish-hook!

How Do You Avoid Being a Victim?

Instructions

Celebrate Data Privacy Day with Information Managers!

Click here: Get it before it's gone.

Wondering if a smartphone is a good idea for your child?

Memory Devices Too

Do You Use a Digital Wallet?

So how do you protect your mobile privacy?

Resources

Celebrate Data Privacy Day with Information Managers!

Is this you?

This free course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

The 15 Day Privacy Challenge starts October 14th, for fifteen days.

The 15 Day Privacy Challenges includes:

The 15 Day Privacy Challenge includes practical tips on:

Dovell Bonnett, “The Password Guy”, corrects the errors, misconceptions and lies about passwords

Replay is ready! Recorded Live April 21, 2016.

The management of passwords is the real security nightmare.

Passwords are not going away. What needs to be fixed is how passwords are managed.

hosted by Jean Eaton of Information Managers Ltd.

Dovell Bonnett, “The Password Guy”, corrects the errors, misconceptions and lies about passwords

Have you seen this?

The management of passwords is the real security nightmare.

Passwords are not going away. What needs to be fixed is how passwords are managed.

Thursday, April 21, 2016

Join us for Practice Management Nugget Webinar

Making Passwords Secure with

Dovell Bonnett

hosted by Jean Eaton of Information Managers Ltd.

25+ sessions and 35+ speakers over 2 days

Regina SK May 10-11, 2016

Recorded Thursday, April 7, 2016

7x Your Professional Education

This conference is for you if you are an

Dustin Rivers

hosted by Jean Eaton of Information Managers Ltd.

25+ sessions and 35+ speakers over 2 days

Regina SK May 10-11, 2016

Thursday, April 7, 2016

Join us for Practice Management Nugget Webinar

7x Your Professional Education

Dustin Rivers

hosted by Jean Eaton of Information Managers Ltd.

Passwords are not going away.
What needs to be fixed is how passwords are managed.

Passwords are not going away.
What needs to be fixed is how passwords are managed.