November 1, 2024
|
Endorsement story
November 1, 2024
|
Endorsement story
Information security is gaining increasing attention in healthcare organizations. We spoke about this with a large healthcare organization in the south of the Netherlands. Information security is an important theme for them: they continuously map out vulnerabilities and implement improvements. One of the tools they use for this is Passguard. Why? We asked the CIO.
Many companies only look at their own systems to check their security, for example, by conducting penetration tests. That's important, but it doesn't give a complete picture. There's so much more going on in the big, bad outside world that you have no visibility of. I wanted to map out these vulnerabilities more broadly.
"There's so much more going on in the big, bad outside world that you have no visibility of."
The decisive factor for me was that Passguard is an independent organization: not an existing service provider with vested interests in the outcomes of a scan. Because of Passguard’s free quick scan, I could quickly see what was happening. This helped me make its importance tangible to the Board of Directors. We were able to act swiftly to map out and mitigate the risks.
You know that things can surface during such a scan. That was the case for us too. For example, it became clear that there was a lot of 'interest' in our organization. Our insight: We can better protect information by preventing unauthorized access to internal systems through employee accounts. You have some sense that it can happen, and you hear the stories. But after such a scan, you see the real facts. It gave everyone a very clear picture of where we stand.
"Our insight: We can better protect information by preventing unauthorized access to internal systems through employee accounts."
From one private device infected with infostealer malware, we detected serious access. Furthermore, it became clear that most risks arise at the intersection of work and private life. This creates risks that we want to get ahead of.
We immediately acted on the major risks. Then, we continued to address them. But not by using the findings as a stick to beat people with, but as a way to give more priority and attention to information security. This means taking controlled actions to neatly resolve the risks without creating other problems.
We also use the outcomes of the Passguard study to raise awareness within the organization. This applies not only to our management team and the Board of Directors but also to awareness campaigns for staff.
"We also use the outcomes of the Passguard study to raise awareness within the organization."
Sorting at the account level is fantastic, as it gives you an immediate cross-section, which is great for raising awareness.
Now we keep going. This wasn't a one-time step for us. That's why Passguard will continue to measure and monitor what's happening so that we stay up to date with these risks.
I would certainly recommend it, for three reasons: