Like a body’s immune system, a cyber-aware workforce is the immune system in the body of an organizations security programs. When it comes to a cyber-aware culture, many think instantly of password quality or the logging off your computer. While important, that is similar to the “floor” of compliance. What’s critical to a healthcare organization’s cyber resilience is the rigor with which the use of sensitive and protected health information (PHI) is documented. All healthcare organizations will have informal information flows to support the real way work gets done. A cyber-aware culture will document even those informal flows to help establish the preparedness necessary for resilience. Similarly, staff should be taught cyber-aware procedures, such as disconnecting their device from the network at the first sign of malware, but not turning it off to preserve its “state” for cyber forensics investigators. Again, these cultural attributes can translate directly into valuable information that accelerates detection, response, and recovery.
We at Dubai Health Authority (Government of Dubai) missioned a program creating a cyber-aware workforce of health care professionals. This program has helped 8500+ professionals, which included, doctors, nurses, caregivers, pharmacists, non-clinical staff etc. working across, 4 Hospitals, 14 primary health care centers, 4 emergency/trauma centers & 5 specialized centers to become more intuitive to cyber security incidents and security best practices. The program was undertaken by conducting a series of parallel classroom sessions by trained professionals from DHA’s (Dubai Health Authority) information security team, which was well supported by its committed management. They covered almost 1100+ sessions over a period of 9 months. This included meticulous planning of transporting people to desired location, conducting sessions as per the shift timings of healthcare providers and adherence to hospital administration procedures. The program is now expanding its reach to private healthcare providers across Dubai and as you read this 78 private healthcare professionals have already been made cyber-aware by DHA.
Security awareness training is considered critical, given the threats facing organizations. The impact of DHA’s vast awareness program resulted in a positive impact of organizations security posture with more incidents captured and resolved this ensured strengthening of controls across the enterprise and increased knowledge sharing amongst the staff both clinical and non-clinical. The program also touched the personal lives of employees in a positive way with they becoming more aware on information security threats lurking around them in their day-to-day habituated lives. As the employees of DHA are from different cultural backgrounds like Arabic, Asian, African, European & Western the task of involving the employees was even harder for the trainers. But the engagement ensured continued success with continuously increasing attendance and demand for more sessions from the audience.
The program’s uniqueness was at reaching out to people and planning the program around their regular working hours which introduced its own sense of acceptance among the masses. Parallel sessions were conducted to ensure maximum coverage in a stipulated time. Practicality, Animation of information security concepts/best practices and gamification ensured continued interest of the staff. The staff were also rewarded part of a quiz campaign that helped achieve more mileage and Word-of-mouth marketing for the program without extra advertising.
The inspiration behind this program was The Dubai Cyber Security Strategy and Dubai Information Security Regulation, which not only adds to the government’s numerous achievements but also gives further impetus to the government’s journey of excellence in cyberspace. The Cyber Security Strategy has a set of 5 main pillars – Cyber Smart society, Innovation, Cyber Security, Cyber Resilience and National/International collaboration, together with its guiding principles helped us derive the zeal and cohesiveness to run this program.