Posted Wednesday, October 6, 2021 by Team Northwoods

Solving Cybersecurity Problems in Human Services Before They Start

If you work in IT, the words “data loss” likely send shivers down your spine. If you work in IT for a human services agency, the stakes are even higher. No one wants to be responsible for a security breach or data leak that compromises your system integrity, threatens your clients’ privacy, or delays your agency’s ability to deliver services to the people who rely on you.

Of course, there’s the financial aspect to consider as well. Did you know ransomware victims in United States spent an average of $2.09 million in remediation costs in 2020?

Since October is National Cybersecurity Awareness Month, we’re sharing some key things human services agencies should do to prevent common cybersecurity problems from happening.

Divider line

Store your data in a secure cloud environment.

Human services agencies that regularly manage personally identifiable information (PII), information protected under HIPAA, and other valuable data are a prime target for cyber-attacks. Storing data on-premises increases your agency’s vulnerability, whereas moving it to the cloud allows for more enhanced security and privacy measures.

For example, Northwoods partners with Amazon Web Services (AWS) to store our customer’s data in the cloud. To secure these environments, we leverage dedicated provisioning, FedRAMP-compliant and HIPAA-compliant services, and all data is encrypted.

Divider line

Test your backups and restores.

Ransomware. Hardware failure. Human error. Natural disaster. In any of these events, minimal turnaround time to get back online is key to avoiding any major data loss or disruption. Whether your systems are cloud-based or on-prem, regularly testing your backup and restore procedures is one way to ensure you can recover quickly.

For example, for our Traverse® customers, we take full advantage of AWS cloud services to architect a highly available and scalable modern web application experience. Our robust solution ensures data is stored on redundant and fault-tolerant hardware to avoid service disruptions. Backups are taken regularly, and we have the ability to restore quickly from multiple nationwide data centers.

Divider line

Regularly review system access and permissions.

This helps ensure only those that need access to data have it. People are using more and more applications to do their work, so making sure that the appropriate access and permissions are configured for them is critical to ensure data security. Unfortunately, staying on top of access and permissions changes and reviewing this information can take a lot of time.

A great way to efficiently handle access and permissions is to use solutions that leverage single sign-on capabilities. Taking advantage of single sign-on allows you to manage your users in one system and have those settings used by other applications. You can enforce your own password policies, multi-factor authentication requirements, audit logs, and permissions in a standard way. Traverse provides single sign-on capabilities to improve user security and reduce IT burdens associated with user management.

Divider line

Find reliable software partners.

At the end of the day, your agency’s IT resources are already stretched so thin. It’s nearly impossible to be effective managing cybersecurity on top of everything else (read more on the pitfalls of this DIY mentality here), especially when so many software and cloud providers can bear the burden—and the associated costs—for you.

Trusted software partners will be well-versed in security and privacy and have these types of advanced measures built into their tools. They’ll monitor for network intrusions, monitor critical metrics (e.g., server OS metrics, network status, and environmental changes) and constantly be testing for vulnerabilities.

Here are some questions to ask IT vendors to ensure they’re following best practices and prioritizing security. You should always ask to see a company’s audit results and third-party attestations to validate their claims as well.

Divider line

Even if you’re not directly responsible for cybersecurity, it’s good to be aware of these best practices to protect your agency from a costly mistake. Have additional questions or concerns? We’re happy to help! Read our eBook on leveraging cloud technology for human services for more best practices.

Director of Northwoods Support Center Aaron Caldwell and Director of Software Engineering Jeff Turner contributed to this post.

Divider line

New call-to-action