In a forgotten time, if an organization wanted to secure their communications, all that they had to worry about was their conversations, postage and landlines. If a business was on the cutting edge of technology, it might use a fax machine as well.
In 2019, things are a lot more complicated. To start with, we now have email, mobile calls, and text messages. Then there are the countless messaging apps like WhatsApp, Facebook Messenger, Telegram, Signal, and Viber.
On top of this, there are online calls like Google Voice, Skype, and others. We can’t forget video calling either, or the fact that many of these services offer several different communication channels.
Landlines and postage haven’t gone away either, so they still have to be secured as well. Some businesses even persist in using fax machines.
The point is that in the modern world, we have a lot more to worry about. With so many different channels, how can an organization possibly secure them all?
While the task may seem like an unending battle against emerging and deprecating technology, the goal of securing all of your business’s communications is not unattainable. All it takes is planning, policy, and enforcement.
Analyzing the needs of your organization
Sure, all of these new communication methods have definitely complicated security, but you have to look at the other side as well. They allow us to do things that we have never been able to do before – we can get results in seconds that may have taken months in earlier days.
There are tremendous advantages to many of these technologies, so there is no point in being a Luddite and staying away from technological developments. As long as potential security risks are addressed, these solutions can be more than worthwhile.
Your organization should be leveraging these technologies to simplify its work processes as much as it can. But it needs to be doing so with a security-first mindset.
Take stock of your organization’s current communication methods
The first step is to look at the channels that are currently being used. Email is a given, and most businesses probably use cell phones and landlines as well. Does your business use messaging apps on top of this? How about VoIP or video call services? Is there a workplace Slack, Facebook or Telegram group?
What does your organization really need?
Once you have accounted for each of the channels that are being used, and what they are being used for, you can consider whether or not they are necessary. Does your business really need to use landlines, cell phones and VoIP, or can these be consolidated? Are texting apps important for getting work done quickly, or can you restrict messaging to email in order to simplify your systems?
If you can reduce the number of different communication channels that are used in your workplace without impacting productivity, it will make it much easier to administer them securely.
Does it need to be secured?
Let’s be honest, a lot of information doesn’t need to be secured. While SMS may be insecure, it probably doesn’t matter if all you are using it for is to send certain offers and promotions to your customers (although there may be certain healthcare situations where even something this simple can violate HIPAA).
If you can ensure that a given communication channel won’t be used to transmit sensitive or valuable information, then you may not need to find a secure alternative. Take the human factor into account when you consider this, because mistakes and laziness can end up being incredibly costly for businesses.
Look for Secure & Compliant Alternatives
There are a number of different solutions that allow you to message, call or video-call in a secure and compliant manner:
- Calls – Neither landlines nor cell phones offer a safe way to voice call. Any calls that require security should be done over encrypted VoIP connections.
- SMS – SMS is an insecure protocol, so secure email or messaging apps should be used whenever you are sending sensitive or valuable information. Despite this, a service like SecureText can be used to send SMS messages that alert recipients that there is a secure message waiting for them.
- Email – Standard email is inherently insecure, but services that use portal pickup, PGP or S/MIME can be safe. Secure Email is a HIPAA-compliant option that offers a wide range of security configurations.
- Messaging apps – SecureChat is HIPAA-compliant and secure. While options like Signal and WhatsApp also offer encryption, they do not offer HIPAA compliance.
- VoIP – Signal and WhatsApp both encrypt their voice calls from end to end, but they do not offer HIPAA compliance.
- Video calls – Secure Video allows its users to deliver telemedicine or run conference calls with up to 100 people, all in a secure and HIPAA-compliant manner.
Establish a Policy
Once you have determined your business’s communication needs, analyzed the risks and come up with secure alternatives, it’s time to establish a workplace-wide policy that ensures these secure communication channels are used every time that sensitive and valuable information is transmitted.
Design the Policy to Handle Worst-case Scenarios
It’s best to be overly cautious in the policy and account for mistakes – remember, simple errors are often the cause of massively expensive HIPAA penalties.
Sure, a workplace Facebook group can be a great way to facilitate communications. You could even have a strict policy that sensitive and valuable information should not be exchanged in the group. It might even be effective for a long time.
But what happens when Robert from accounting just woke up from his 2pm nap, and in a brief, bleary-eyed moment he forgets about the rules and posts something he shouldn’t? Even if it was a simple accident and Robert from accounting didn’t mean to do it, his actions could still lead to a HIPAA violation or the information getting stolen by a hacker or publicly exposed.
This is why it’s best to be overly cautious. Sure, you could have a workplace Facebook group, but why run the risk when you can use secure alternatives instead?
Training & Awareness
Once a policy has been established, you need to make your employees aware of it so that the new regulations are followed. Compliance can often be improved by explaining the reasons why the policy is in place and discussing the risks during training sessions.
Monitor & Enforce the Policy
Once your new policy has been set up, you will need to monitor whether or not it is being followed. In the transition period, you may notice violations, but if you address these carefully at the start and strictly maintain the policy, you will soon break the old employee habits.
Over time, there may need to be some reinforcement, otherwise the old habits can end up slipping back. This can be achieved through periodic training, continuing to provide awareness about the policy and the reasons behind it, as well as taking extra time to address those employees who have violated the policy.
Adjust the Policy as Necessary
Over time, new solutions will become available, while your current services may also become less secure. If you want your business to maximize its security and productivity, there is no reason for the policy to be set in stone. Instead, it should be adaptable, taking advantage of services that may improve performance, while leaving behind those that may pose a threat. Policies should be reviewed and updated at least yearly.
Workplace-wide Secure Communications
Protecting all of your critical communication channels may sound like a challenging process, but luckily there is already a wide range of security-focused applications that are easy to implement.
At LuxSci, we offer a variety of secure and HIPAA-compliant alternatives in-house:
Arranging to take care of all of your secure communication services through one provider will result in systems that are more interoperable, save on overhead, simplify implementation and make management far less of a headache.
With the right approach and an expert technology partner, securing all of your organization’s communications is an easy way to drastically reduce the risks that it faces.