Teaching an Organization to Phish: Email Security Tactics

Subscribe on your favorite platform:

About the Podcast: The CyberPHIx is a regular audio podcast series that reports and presents expert viewpoints on data security strategy for organizations handling patient health or personal information in the delivery of health-related services. These timely programs cover trends and data security management issues such as cybersecurity risk management, HIPAA and OCR compliance strategy and vendor risk management. Meditology Services, the healthcare industry's leading security and compliance firm, moderates the discussions with leaders in healthcare data security.

In this episode of The CyberPHIx, 25-year data security veteran Dan Reither explores email security strategies ranging from technical solutions, data loss prevention, and widespread education of your workforce regarding social engineering threats. Dan is the Manager of Information Security for Health Partners Plans and Vice President of the ISC2 Philadelphia Chapter.

In a recent HIMSS study, 59 percent of organizations reported that email phishing was the initial point of data compromise, and 69 percent reported email as the source of incidents at hospitals. Dan provides valuable insight to healthcare security managers in “deputizing” the workforce and vendor network to prevent email security threats.

Listen as Dan and Brian Selfridge, ITRM Partner at Meditology Services discuss email security trends and best practices including:

  • A look at the evolution of email attacks from basic phishing to more sophisticated social engineering campaigns. As email security has gotten stronger, there is a shift from taking advantage of technical inefficiencies to more targeted social engineering.
  • A discussion of best practices for securing email platforms and incident response approaches to reduce damaging email attacks.
  • An evaluation of technical solutions to handle spam, including antivirus and data loss prevention tools. A primary technical solution includes email security and a phishing solution.
  • Acknowledgement of the success that malicious actors are having with email-based attacks.
  • Talking to vendors and employees and underscoring the importance of identifying and properly handling suspicious email activity.
  • Deputizing all employees as security team members on the front line in detecting and handling email attacks.