BLOG

Posted Wednesday, October 6, 2021 by Team Northwoods

How to Solve Your Human Services Agency’s Cybersecurity Problems Before They Start

If you work in IT, the words “data loss” likely send shivers down your spine. If you work in IT for a human services agency, the stakes are even higher. No one wants to be responsible for a security breach or data leak that compromises your system integrity, threatens your clients’ privacy, or delays your agency’s ability to deliver services to the people who rely on you.

Of course, there’s the financial aspect to consider as well. Did you know ransomware victims in United States spent an average of $2.09 million in remediation costs in 2020?

Since October is National Cybersecurity Awareness Month, we’re sharing some key things human services agencies should do to prevent common cybersecurity problems from happening.

Divider line

Store your data in a secure cloud environment.

Human services agencies that regularly manage personally identifiable information (PII), information protected under HIPAA, and other valuable data are a prime target for cyber-attacks. Storing data on-premises increases your agency’s vulnerability, whereas moving it to the cloud allows for more enhanced security and privacy measures.

For example, Northwoods partners with Amazon Web Services (AWS) to store our customer’s data in the cloud. To secure these environments, we leverage dedicated provisioning, FedRAMP-compliant and HIPAA-compliant services, and all data is encrypted.

Divider line

Test your backups and restores.

Ransomware. Hardware failure. Human error. Natural disaster. In any of these events, minimal turnaround time to get back online is key to avoiding any major data loss or disruption. Whether your systems are cloud-based or on-prem, regularly testing your backup and restore procedures is one way to ensure you can recover quickly.

For example, for our Traverse® customers, we take full advantage of AWS cloud services to architect a highly available and scalable modern web application experience. Our robust solution ensures data is stored on redundant and fault-tolerant hardware to avoid service disruptions. Backups are taken regularly, and we have the ability to restore quickly from multiple nationwide data centers.

Divider line

Regularly review system access and permissions.

This helps ensure only those that need access to data have it. People are using more and more applications to do their work, so making sure that the appropriate access and permissions are configured for them is critical to ensure data security. Unfortunately, staying on top of access and permissions changes and reviewing this information can take a lot of time.

A great way to efficiently handle access and permissions is to use solutions that leverage single sign-on capabilities. Taking advantage of single sign-on allows you to manage your users in one system and have those settings used by other applications. You can enforce your own password policies, multi-factor authentication requirements, audit logs, and permissions in a standard way. Traverse provides single sign-on capabilities to improve user security and reduce IT burdens associated with user management.

Divider line

Find reliable software partners.

At the end of the day, your agency’s IT resources are already stretched so thin. It’s nearly impossible to be effective managing cybersecurity on top of everything else (read more on the pitfalls of this DIY mentality here), especially when so many software and cloud providers can bear the burden—and the associated costs—for you.

Trusted software partners will be well-versed in security and privacy and have these types of advanced measures built into their tools. They’ll monitor for network intrusions, monitor critical metrics (e.g., server OS metrics, network status, and environmental changes) and constantly be testing for vulnerabilities.

Here are some questions to ask IT vendors to ensure they’re following best practices and prioritizing security. You should always ask to see a company’s audit results and third-party attestations to validate their claims as well.

Divider line

Even if you’re not directly responsible for cybersecurity, it’s good to be aware of these best practices to protect your agency from a costly mistake. Have additional questions or concerns? We’re happy to help!

Divider line

Subscribe to Northwoods' blog for human services

Divider line

Aaron-Caldwell-2018

Aaron has over a decade of experience implementing and supporting technology solutions for human services agencies. As director of the Northwoods Support Center, Aaron leads the teams who keep our customers’ systems running at peak performance so they can focus solely on helping clients. He makes sure both Northwoods and our customers are prepared for future technology and business changes that will impact them.

Jeff-Turner-2018 One of the most seasoned members of Northwoods' PD management team, Jeff Turner knows the intricacies of developing and deploying software for human services agencies better than anybody in the business. In his current role as DevOps Manager, Jeff tackles some of Northwoods' toughest technical problems and serves as our go-to expert on all things security and privacy.

Comments