Cybersecurity is everyone’s responsibility

Rob Suárez, HCISPP, Chief Information Security Officer for BD

At BD, we are trying to change the way society and industry view cybersecurity. While some view people as the weakest link in security, I see them as cybersecurity’s biggest ally. Threat actors have long relied on tactics like phishing and social engineering because they are effective, and even the most mature technology companies can be impacted by cyberattacks. That is why a comprehensive approach to cyber preparedness must include robust cyber training opportunities for associates.

Building a vibrant, resilient and highly accessible healthcare system ecosystem means going beyond cybersecurity awareness to embrace cybersecurity engagement—because cybersecurity is everyone’s responsibility. As Cybersecurity Awareness Month comes to a close, here’s a look at some of the ways we reinforce cybersecurity hygiene and equip our associates with cyber-smart strategies:

Make cybersecurity relatable
As consumers, many of our associates are already accustomed to applying security updates to their cell phones and using multifactor authentication to access their financial and social media accounts. What is different in healthcare is that we are not just protecting systems and data. We are protecting patient safety and privacy. Any time a medical device cannot be used or trusted because of a cybersecurity threat or risk, patient outcomes can be impacted.

To put healthcare cybersecurity in context, we look for opportunities to share authentic, relatable stories with our associates to expand their cyber awareness and reinforce the urgency around everyday cyber hygiene practices. That is why we invited several BD customers and industry experts to share their experiences with our associates during Cybersecurity Awareness Month. This year, guest speakers included Diego Mariano, Chief Information Security Officer for Albert Einstein Hospital in São Paulo, Brazil and Dr. Suzanne Schwartz, MD, MBA, Director, Office of Strategic Partnerships and Technology Innovation for the Center for Devices and Radiological Health (CDRH) with the U.S. Food and Drug Administration, among others. These opportunities allow our associates to better understand cybersecurity and its role in maintaining a thriving healthcare system.

Simulate real-world cyberattacks
Throughout the year, and twice during Cybersecurity Awareness Month, BD associates receive simulated phishing attacks designed to mimic real-world strategies being used by cybercriminals. The goal is to give our associates the opportunity to practice identifying and reporting suspicious emails. During Cybersecurity Awareness Month, we gamify this cyber smart skill by making it part of an annual contest.

Outside of Cybersecurity Awareness Month, we participate in scenario-based cybersecurity exercises to pressure-test our incident response processes and bolster our cybersecurity preparedness. These exercises provide opportunities for leadership to discuss strategic approaches to cybersecurity challenges while also allowing cross-functional associates who would be responding to an actual cyberattack develop muscle memory for following our incident response processes.

Train associates on emerging risks
Threat actors continually up their game in an effort to compromise systems and people. As new threats emerge, we educate our associates in real time on what to look for and how to avoid falling for cyberattacks. From bank-related spoofing emails to malicious text messages and fake social media accounts, it’s important to relay new types of threats as they emerge. We also update our policies and procedures at least annually, incorporating changes as needed to reflect emerging trends.

When it comes to cyber preparedness, making cybersecurity part of our corporate culture is essential. Just like we build cybersecurity into our products from the earliest stages of product development, we’re proactive about cultivating and reinforcing a cyber-smart culture to protect BD, our customers and patients.