Why Establish a Security Culture
By Gil Vidals, , HIPAA Blog

Five “Security Culture” Markers to Aim for in your Organization:

  • Cybersecurity is a top-down, strategic part of the company’s vision
    Security is linked to business goals and relevant to board-level decisions
  • You’ve determined a “data blueprint” of how data is used
    Your team understands the context in which the data is created and used, and how it is subject to regulation.
  • Annual risk assessments are being conducted
    All risk areas, including staff, practices, and technology, are evaluated regularly.
  • Security skills and governance tools are becoming integrated into daily activities
    You’re enabling the latest protocols and encryption ciphers for data protection, using two-factor and password-less authentication, secure workstation practices, etc.
  • Ongoing staff training is being conducted
    Since malicious attacks continue to evolve, security training, including phishing awareness, is being conducted regularly.