Data security is an always-trending topic, especially in the medical and pharmaceutical industries. Some broad, universal safe-data recommendations include having a backup solution in place, as well as an antivirus program and a network firewall in effect. Keep systems up to date with the latest version of an operating system and ensure it is up to date with security patches, anti-virus software, file integrity monitoring and a host-based intrusion-detection system.
On location, enhance security by limiting administrative privileges for users and applications. Set workstation lockout settings so after a certain period of inactivity the station will lock so it’s not logged-in and unattended with full-access to documents and other content. Configure account settings to lock out a user after a series of failed login attempts. This prevents unlimited unauthorized attempts to login whether from an unauthorized user or via automated attack types like brute force. For additional security at workstations, shred hard copies of confidential data and do not keep passwords on notes stuck to computer screens.
Avoid using the same password for multiple applications, websites, or services. Having a single password or sign on reduces the amount of credentials that users need to remember, but amplifies the potential damage if the credentials are stolen; if one application is compromised, the other applications are also at risk. Use a strong, unique password for each application, website, and service to assist in reducing risk in an organization.
Start reviewing security practices now by verifying there is a good company firewall device in place. Be compliant with HIPAA guidelines for computer and password security, and be aware of breach notification responsibilities should a data breach occur. Learn more about the Breach Notification Rule here: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/