Cybersecurity Policies

This article is part of RWA’s series on the 10 Best Health Industry Cybersecurity Practices.
Learn more at HHS 405(d) HICP website.


Over the past decade, one of the greatest changes in addressing cyberattacks involves establishing and implementing cybersecurity policies, procedures, and processes. These policies set expectations and foster a consistent adoption of behaviors by your workforce. With clearly articulated policies, your employees, contractors, and third-party vendors will know which data, applications, systems, and devices they are authorized to access, as well as the consequences of unauthorized access attempts.

Establish Roles and Responsibilities: Key people need to be tasked with implementing security practices and establishing policy. Even small organizations need to clearly define cybersecurity roles and responsibilities.

Education and Awareness: As technology advances, social engineering attacks will return to target the most vulnerable entities in your organization – your employees. The workforce will need regular training on practices, threats, and mitigation.

Mobile and Personal Device Policies: As more work is done at home and in the field, new policies need to be developed and deployed to address these use cases, including how data can be secured and used in remote settings.

Incident Response and Disaster Recovery Plans: It’s no longer enough for a small practice to rely on luck and agility. With the adoption of cloud and mobile technologies, disaster can strike anywhere, and it’s important to have standard practices for recovering assets, including backup plans.

As always, contact RWA to discuss the next steps in your cybersecurity journey!