I know, I might be accused of heresy for even bringing it up. But the statistics are so alarming these days, it’s a discussion that needs to be held at the very highest level of every healthcare organization in America.
For security’s sake, isn’t it time to get rid of email? There, I’ve said it, but before you start throwing virtual tomatoes, hear me out.
The cybersecurity market has grown exponentially in the last five years. Forbes estimates the global spend on cybersecurity was $123B in 2020, and that number should grow to somewhere near $143B this year. And yet, the cost of cybercrime is at an all-time high.
Cybercrime Magazine by Cybersecurity Ventures provides research and reports on cybercrime costs, cybersecurity market size, and spending forecasts. They estimate the global cost to businesses from cybercrime will be more than $6 trillion (with a “T”) in 2021! Ransomware damages have grown 57 times higher than they were just five years ago, and it is officially the fastest-growing cybercrime according to the Department of Justice. Many reports, including those from Gartner and Forbes, show that 90% of all successful hacks come through emails, and 95% of all cybersecurity breach events are caused by human error.
Given all this, I find it hard to understand why many of us in healthcare are unwilling to look at our business practices when it comes to email. It’s a “sacred cow,” and yet most employees (I’d say 80% or more) don’t have external clients where email communication is essential. Our employees primarily talk to each other, their managers, HR, etc. Most have no reason to receive or send email outside the organization. For those that do (HR, finance, senior leadership), it’s easy enough to set up an email server with the appropriate rules. I’ve actually seen one hospital ban email for staff who don’t really need it. They communicate global info via their Intranet and within appropriate applications.
So why do hospitals still allow every employee to have Internet-based email? I would challenge you to look at these practices. Is it necessary for most of your employees to be able to send and receive email from outside the organization? When I look at much of the inbound and outbound email that hits an organization’s mail servers, much of it is spam and/or non-business related. Personal email doesn’t belong in the healthcare setting on company computers, though I’ve seen some organizations set up isolated PCs in areas like cafeterias and break rooms so staff can look at personal email if they don’t have a smartphone.
So I dare you to look at your organization’s stand on email and start asking those serious questions. Should email be a business communication tool for a select few, or should it remain a convenience for everyone? Or do we just admit that out-of-control cybersecurity costs are a 21st-century cost of doing business? What do you think?
Be Safe. Be Secure.