Excerpt from SC Insights | Dispersed by design
Leading cyber security consultancy, Stratia Cyber, recently interviewed Dr Sandeep Bansal, founder and CEO of client organisation Medic Creations, to get his first-hand insights into cyber risk as a health tech startup with a fully remote, globally dispersed workforce as we emerge from the Covid-19 pandemic.
Medic Bleep is a technology-led startup and had a remote working policy in place from the outset. As a critical system servicing hospitals and healthcare, the team has always needed to react very fast and to be able to access the servers and the technology from the engineering side, from wherever they happened to be.
Focusing the lens on the healthcare industry, Dr Bansal explained that not only had the NHS never before been set up for mobile working, but mobile device policies for using personal devices were also mostly not in place. “Over the last 18 months healthcare trusts have been rapidly forced to look at MDM (mobile device management) solutions, and of course the cyber security elements associated with that.”
Make sure policies are understood
“Making sure the team understood existing information handling policies and processes when our working patterns first felt the impact of Covid-19 was our number one priority. We worked with Stratia Cyber to implement Cyber Essentials Plus and ISO 27001, as well as pentesting our solution, Medic Bleep.”
Communication, really good communication
Thriving despite the pandemic came down to really good communication. “When we got rid of our physical office space, we increased the frequency of team meetings, and when we made the decision to become a fully dispersed team, we introduced town hall style meetings for the entire team to be present and focus on what we can do better. Day to day, Slack provides a lifeline, especially for the engineering team.”
It could happen to you
Since the start of the pandemic, scams targeting the healthcare sector have spread faster than the virus itself. Needless to say, global panic and anxiety create the perfect conditions for fraud, and in May 2021 statistical market research estimated that the Global Healthcare Fraud Detection Market is expected to reach US$ 6.9 billion by 2027*. In March 2020, Dr Bansal fell foul of a phish. “Since then, our focus has been on ensuring that doesn’t happen again. The incident was contained and the impact was low, but this kind of threat comes with a huge knock-on effect for our customers, and anyone else we’re working with.
“We have the necessary security protocols in place, but we’ve definitely seen a rise in attacks on our server, and we know first-hand that people have tried to DDoS (Distributed Denial of Service) Medic Bleep in the last year.”
Protect yourself, not just your product
"Since I was targeted with an attack that succeeded, cyber risk became real for the entire organisation. Until then we’d been focusing so much on our product and its security, that we’d not fully recognised that there’s a whole lot more that applies to the company itself. Your product might not go down or even be affected by a cyber attack, but if you can’t get into your emails, you can’t function as a business. It’s not just the product that needs protection, it’s the entire company and end-to-end solution."
Determining what’s right for you
Dr Bansal reflects on the topic of hybrid working model adoption: “In the healthcare world, we run clinical trials to understand the pros and cons of drugs before prescribing something. Everything has a good side and a bad side to it. It might not make sense for businesses to go for these emerging solutions at this point in time, and not unlike an individual patient, this is something that needs to be assessed on a case by case basis.”
“The healthcare sector has typically been pretty poor at implementing change, so you can give it all the technology, but if you don't change the processes around it, and understand the technology, there's no point. You can't just go ahead and parachute in technology without understanding those fundamentals. And, obviously, you need to get your organisation onside if it makes a material impact on how they might work.”
In summary:
- Assess the real need for emerging technology solutions on a case by case basis – what’s right for others might not be right for you right now
- Implementing new technology or a hybrid working model is entirely dependent on your understanding of, and appetite to change, the processes that surround it
- Get your stakeholders to buy-in based on how much the change impacts them.
About Stratia Cyber
Stratia Cyber is an independent cyber security consultancy with a flawless track record for delivery and a mission to enable businesses to thrive.
Whether you run a small startup or a large corporation, their NCSC-certified team of consultants have the expertise and credentials to reduce risk and minimise loss as a result of security incidents for organisations large and small.
Trusted to provide cyber also span legal, healthcare, national infrastructure, energy and retail sectors, Stratia Cyber was one of the first companies to achieve NCSC Certified Cyber Security Consultancy status. Stratia Cyber is also a CREST Accredited Company and a Crown Commercial Services (CCS) approved supplier to the UK Government’s G-Cloud Framework.