BYOD and HealthCare.gov: 5 Tips for Secure Access
If you have read or seen the national news lately, you may have noticed the rollout of President Obama’s Affordable Health Care Act website to be a bit of a cluster. On Monday, President Obama addressed the negative feedback by saying, “The website is too slow and people are getting stuck. And I think it's fair to say, nobody is more frustrated about that than I am. Nobody's madder than me about the web site not working as it should, which means, it's going to get fixed.”
Politics and mobility solutions do not mix, so we won’t slip into some narrative about what is happening in Washington. Instead, this is a good opportunity to think about accessing websites like HealthCare.gov to exchange sensitive personal data while you are accessing the internet in a Bring Your Own Device (BYOD) environment.
1. The wireless network should be secure.
Coffee shops are not necessarily the best place to be accessing your banking data, your investment data, medical records or other sensitive personal information. That’s not to say that doing so will leave you exposed to attack or identity theft, but simply not accessing those sites while in a BYOD environment is a good practice.
The problem is that, with the coffee shop example still in play, you as a consumer are not aware of the type of IT infrastructure behind the beans. It’s important to know, but unlikely you’ll find out unless you are responsible for securing the network for the consumers. If those duties fall under your umbrella, then it’s important to note how the network will be secured.
In the old days (4 years ago in technology terms), it took a number of physical appliances to secure a wireless network, now many solutions can handle security right out of the box. Securing your wireless network, or staying away from exchanging personal data on unsecure websites while in a BYOD environment is your best bet.
2. Websites you access should be secure.
See up there in the top left corner of your web browser, does the address bar start with http:// or does it start with https:// - that will be an indication of accessing a secure website. You can right click with your mouse and read the information about the website’s security and, most importantly authenticity.
Sites that include https:// can indicate the information you’ll be sharing is indeed going to be secure. Computer experts out to intercept your personal data have been know to put up seemingly secure websites only to swipe your data once you start entering personal information. The rollout of HealthCare.gov could have been an ideal time for evil-doers to take advantage of the unsuspecting consumer who was fed up with the delay and searched to find other ways into what they may have believed to be the government insurance portal. Careful when you browse.
3. The wired network should be secured with advanced features.
Again, if you don’t work in information technology, you probably won’t have an idea of what is happening on the internal network where you are being provided wireless access to the internet. Accessing a secure site like HealthCare.gov or your financial institution may be allowed, but remember that you are not the only one accessing that same wireless signal. Therefore, visits to various websites and mouse clicks made without caution by unwitting employees can add risk to many of the other devices on the network - including the one you are using to exchange personal data. Hopefully, those in decision-making capacities are able to evaluate what is currently in place and constantly evaluate best practices to keep the network and any user safe in a BYOD environment.
Some of the more advanced network features available today not only monitor the websites that users are allowed to access on the network, but can also rate-limit the amount of bandwidth allowed per user. Some solutions require additional hardware or appliances to accomplish the same features that others can do right out of the box (and expert configuration of network infrastructure, of course).
The first step our company takes is to determine what issues a customer might have with their current mobility system. If you have wireless access points capable of providing gigabit speed over wireless, but the switching infrastructure isn’t capable of handling that speed from the core, then the network may experience some bottlenecking.
At the same time, if there is an internal concern about BYOD devices running applications like Netflix or peer-to-peer sharing, then a closer look at the applications “allowed” on the network may be required. Each situation is different and our recommendations are based around needs of the end user.
4. Inter-user communication on the network should be denied.
Speaking of file-sharing, another concern on a network that doesn’t include robust security features would be inter-user communication. Employees should expect some amount of privacy when exchanging data, though it can be argued that the data they are sharing shouldn’t be of a personal nature while they are working.
5. Device being used should be password protected.
Don’t forget that having recently accessed a site where you exchanged personal data, and walk away from it without logging out or your screen locking, that’s a huge risk to your sensitive information. Even if you haven’t recently accessed a government healthcare website or your financial institution with that wireless device, the way people utilize them today the potential loss is not worth the risk. Even though it’s not recommended, accounting for 1% of phone passwords, 1234 is still 90% safer than no password at all!
If your organization is considering BYOD you can contact us here with any questions or a free BYOD readiness consultation. We have worked with multiple types of organizations all across the US implement successful and secure BYOD solutions. We are always happy to help!