Rachael Sauceman, Full Media
As a health care digital marketing company, Full Media specializes in helping health care providers connect with patients in need of care. While we spend a lot of time doing the typical stuff — writing copy or creating ads — we also help organizations make sense of big data, analyze consumer behavior and even safeguard patient privacy because so much information is now exchanged online.
For both health care organizations and other industries alike, businesses can track just about every move a consumer makes online and then continue pursuing leads through specialized tactics like retargeting. With all this information at our fingertips comes a responsibility, whether ethical or legal, to secure it.
Along comes COVID-19
While cybersecurity and customer privacy should be top of mind for all businesses and marketers, the situation has become even more dire in the wake of COVID-19.
Bloomberg reports that health care organizations are being especially targeted by hackers at this time. In recent ransomware attacks, hackers have gone so far as to lock down critical systems at hospitals, preventing health care providers from accessing life-saving data about their patients. During these attacks, many providers simply pay the ransom because their organization is overwhelmed in dealing with COVID-19.
We expect that this trend will continue, and other industries may be impacted. One downfall about security breaches is that we often don’t hear of them — companies request anonymity (if they even agree to discuss an event with the media) for fear of being targeted again and breaking trust with their customers and patients.
What to do to prepare your organization
We have recently been working to improve our cybersecurity practices to become a fully HIPAA-certified agency and offer a higher level of service and peace-of-mind for our health care clients. So we wanted to share some tips that we’ve learned along the way:
1. Ensure your website has an SSL. Historically, an SSL wasn’t a requirement unless a website was used to process payment information. Now, however, an SSL is recommended for any website.
SSLs are important because they verify that your website is actually connected to your company or brand. This is essential because phishing schemes rely on people opening emails or going to websites that look just like a brand that they trust, but is actually set up by hackers looking to steal customer information.
The quickest way to tell if your website has an active SSL is to look for the little lock on the far left-hand side of the URL bar in your browser. If there’s a lock, your site is secure. If it says “Not Secure,” contact your web provider to see if they can implement an SSL for you.
2. Talk to your IT team now about cybersecurity and discuss an audit. There are all sorts of cybersecurity threats out there — bots that scan websites looking for vulnerabilities (or openings through which malware can be deployed), ransom attacks (the type we mentioned above, in which hackers initiate attacks on databases and systems and demand money to halt malicious intentions) and more.
Right now, moving your team to work remotely may put your company and your customers at unique risk, and you may not even realize it.
If you’re unsure where to start in rolling out employee training, especially related to adapting security measures in remote work environments, ask your IT company. They can ensure your company is employing best practices. Some organizations will even test your employees by sending fake ransomware or phishing emails as a training tool.
3. Create an ongoing process to keep security and compliance top of mind.
Many small business owners tend to think: “This would never happen to me. Why would someone want my company’s data?” But the truth is, it’s happening. And as automation continues to grow, more and more cybersecurity threats will present themselves.
If you don’t have a relationship with an IT vendor, find one and start opening the lines of communication between your marketing, IT, legal counsel and business operations teams. We have clients who have set up monthly meetings to review and troubleshoot compliance and security risks. Another meeting might sound like a hassle, but security should be viewed as a critical business function that touches every facet of your business.
4. Have a plan in place for a potential breach. A cybersecurity threat is such an important and impactful issue that hoping it never happens to you isn’t a proactive enough approach. Consult with your legal team, and have an understanding of how you’d respond to various threats, as well as how you’d release information to the public should an issue arise.
Rachael Sauceman is the Head of Strategic Initiatives for Full Media, a Chattanooga, Tenn.-based digital marketing agency specializing in health care. Full Media offers a full spectrum of digital marketing capabilities within the health care space, including website design, online advertising, SEO, patient experience optimization and analytics.