VPN for Healthcare Workers who work from Home – Security Risks
Today when we hear the term “invisible enemy,” our minds immediately think of the ongoing COVID-19 pandemic. However, another invisible enemy continues to rage in the shadows, infecting not necessarily us but our computer counterparts. As we continue to become increasingly reliant on our internet-connected devices in our daily lives, the number of hackers, sleuths, and thieves that patrol the web grows exponentially. With a significant portion of the workforce currently working from home, the number of targets for the bad guys has also increased. According to a recent Stanford University study1, 42 percent of Americans work from home due to COVID. The healthcare industry is no different as this past March, 70 percent of healthcare offices saw a 70% increase of non-clinical staff working from home. As a result, we have seen one of the biggest tech mobilizations in history, as countless companies are working around the clock to expand their IT infrastructure.
Many healthcare facilities are scaling a virtual private network (VPN) access to combat the problem. While VPNs are incredibly useful in allowing employees access to their work computers and systems from home, they are also a prime target for hackers’ attacks. Consider the following risks when building out your company’s VPN:
Your Employee’s Home Computer’s Defenses
A significant risk to your healthcare facilities’ VPN’s integrity is the employees’ ability to gain access at the front end. In a “Bring Your Own Device” (BYOD) scenario, employees will use their home computer to tunnel into their work’s network and ultimately to their workspace computer. As a result, an initial layer of protection to your healthcare facilities’ VPN is the firewalls and restrictions in place on the employee’s home computer and network. Home computers often have little to no firewall and access restrictions due to convenience, making them a great starting point for unwanted access.
It is not just the devices that are a significant concern, but the personal home network. Their entire family uses these home networks. Xbox game consoles, kids’ iPads, Amazon Alexa devices, even smart refrigerators or Ring doorbells, are connected to this network.
These devices are a conduit for what is known as a “man in the middle” attack. Home routers lack the security to encrypt traffic locally, so any device on the network can listen to any traffic traveling over that network. .Even the home router itself is a concern. Consumer-grade devices do not update their firmware frequently. Enterprise firewalls update on an almost daily basis to combat the number of new threats. Most home routers require an update once a year or something just as infrequent. All of these devices on your network also require updates. How often have you asked your kids if they updated their iPhone? Is your Ring doorbell firmware at the latest level? How about your LG Smart TV?
Risk in the Real World
The potential risks companies face by exposing themselves to weak data security protocols cannot be understated. According to a study on IBM’s data security, the average cost of a data breach in healthcare is $8.6 million2. Last year, the American Medical Collection Agency was one of the most massive breaches. They would have had to pay an average of $429 per the 25 million people affected by the breach. Instead, they had to file for bankruptcy. In addition to these breaches’ immense financial costs, it is hard to quantify the damage to trust companies face when a breach occurs. According to a study completed by Centrify, research shows that 69 percent of people think the importance of privacy and security practices preserves trust in companies5. As these examples illustrate, the risks healthcare facilities face through weak cybersecurity can be detrimental to a healthcare facilities’ bottom line; risks that will only continue to grow as companies expand their networks and cybercriminals become increasingly advanced.
How can we help?
While the intricacies and risk of a business VPN can be high, these systems play an essential role in enhancing healthcare facilities’ network security while allowing employees to work from home. There are ways that companies can gain some control over how a home computer can securely connect to your business network. Regular patching of these networks and monitoring traffic patterns from all access points are two great ways to protect your system. CloudNexus’ team of expert consultants has decades of experience in VPNs and other cyber services and can work with your business to create a secure network. Contact us today for a consultation regarding your cyber business security.