Episode 69 of HIPAA Critical features an interview with Nashon Copeland, IT Specialist at Ness County Hospital.
Hannah Trum: I'm Hannah Trum, and this is HIPAA Critical, a podcast from Paubox where we discuss security, technology, and compliance news with healthcare industry leaders. The internet has something for everyone. From cybercriminals to technology novices, the sheer amount of information is both a weapon of good and evil…depending on how you see it. On the cybersecurity battlefield, individuals and organizations can’t afford to skimp on the basics of securing information. Think of best practices such as two-factor authentication, email encryption, and cybersecurity education. With the internet as our greatest weapon and most significant obstacle, arming yourself with the right resources to succeed is a challenge. My guest today, Nashon Copeland, has waded through the waters of self-taught cybersecurity and out the other side to become the IT Specialist at Ness County Hospital. We touch on resources and tools for self-education during our conversation, where email encryption fits into his organization, and how everyday people on the Internet can proactively protect themselves. Hi, Nashon. Thank you so much for joining me on HIPAA Critical today. How are you?
Nashon Copeland: I'm doing well.Hannah: Great, I'd like to go ahead and just jump right in; when we had our discovery calls, something that was very interesting to me that you said is that you're a self-taught cybersecurity professional. So what kind of materials or resources are there on the topic?
Nashon: A lot of what I used to teach myself was just on the internet, forums, stuff like that. A big thing that helped me was having trouble and then finding a way to fix it. And then just remembering how to get to that same and fix that same problem.Hannah: Like muscle memory, you have to repeat it a couple of times to get it out right off the bat.
Nashon: Yeah, that's been a big thing. And just, I guess my knowledge of computers since I've been tiny. And living with computers my whole life.Hannah: Yes, we Millennials have lived in this computer world forever. Do you utilize the resources that you use to teach yourself at work? Like, are you still going and looking at Reddit threads and other educational sources to keep your education going?
Nashon: My education resources have changed a little since I started at the hospital. It's more coordinating with other hospitals now other IT teams, more of a professional forum and resources than just anybody on the internet.Hannah: Yeah. So that leads me right to my next question. Would you suggest that everyday people on everyday internet, people who don't work in a hospital, educate themselves as you have on cybersecurity, just to keep themselves safe within their own lives, and then maybe in their work lives as well,
Nashon: I think everybody needs to know cybersecurity to protect themselves. I see many people feel like nothing will happen to them because they don't have a big target on their head, like, being named a business or anything.Hannah: And they're not a billionaire, so they don't think they'll be attacked. That's why you get phished. Right? It's the everyday people that are the most vulnerable.
Nashon: Yeah, so I suggest people try looking up things if they have questions and asking people that are in the field what they might be able to do.Hannah: Yes, use your “phone a friend” [card] and call your friend who works in it. So when you moved to an in-house specialty role, you said that you know you're self-taught. So you didn't go through school, and this is the first when you're working at the hospital. What surprised you the most about the similarities and the differences between personal and professional cybersecurity?
Nashon: In professional cybersecurity, everything's more connected between all the devices, personal devices, your phone, computer, and stuff are usually not super connected and hardwired in. So I think that that's been a big thing there.Hannah: How do you in your organization handle cybersecurity? I know that you said that it's you. And then I think your VP of technology and you both influence the solutions you'll use and their training. So how does your organization do that with employees?
Nashon: A lot of our stuff I try to do house one on one, if something comes up with people for significant issues or something or if I notice somebody doing something that doesn't follow procedure or very, very good security. Some people come in every once in a while for training, but I'm trying to find more ways to increase our activity and the everyday knowledge of our end users.Hannah: Do you do one-off phishing emails? It's popular at Paubox to send fake phishing. Our compliance officer will send them to see who's clicking where they shouldn't be clicking.
Nashon: Yeah, that's a big thing that I have been doing. I started doing it once a month; I've been hit or miss now on it so that they don't expect it once a month or anything now. But I have that and can monitor our click rate on stuff like that.Hannah: Speaking of cybersecurity problems and training, how has the current global conflict changed how you see cybersecurity and how your business approaches cybersecurity?
Nashon: With the current conflict in the world, we saw a significant increase in phishing emails and all kinds of cyberattacks. And I think it shows that cyber technology is a tool that can be leveraged by certain parties and needs to stay up to date; IT needs to [keep up] as they're updating their ways constantly.Hannah: I agree. And we both worked in healthcare, which is notorious for always playing catch up, especially in information security; what do you think now that you've worked in healthcare and been in your role? What do you think that healthcare security professionals should start doing today to impact their business?
Nashon: I think a lot of healthcare security professionals should take the time to have discussions with the decision-makers about new products and stuff coming in so that they're in line, and they can also give their insight and opinions. Is this something that's going to be replaced later? Or something like that down the road? Or are we needing better tools, so we don't always have to keep playing catch up? And maybe we can get ahead for a while. And something like that.Hannah: I agree. And you know, your company uses Paubox for email encryption. So I'd like you to speak about how email encryption has changed your company's approach to security. And if it has changed how you will vet future solutions, if you choose to add more to your cybersecurity stack?
Nashon: Yeah, With Paubox, it made it very clear that with security it needs to be where [users] don't even notice what's happening. When we went with Paubox, [the end-users] didn't see a single change. There should be nothing that changes about their daily usage.
Nothing changed at all. Nobody struggled to try to learn how to encrypt emails or anything. It's increased our encryption from basically nothing or people not knowing how to encrypt to everything's encrypted now.
And the filter has been getting better and better and preventing a bunch of stuff going to their inbox, cleaning up all that spam.Hannah: So, does that change how you vet future cybersecurity solutions? Because the ease of Paubox will push you and your technology team to pick solutions that are easier for your end-user for your everyday employees and customers?
Nashon: Yeah, I think anything that we go with from now on, we'll always look at the ease of use for end-users, how much training we have to do if there's a whole lot of training or consistent training that puts a lot of takes a lot of time and brainpower for end-users when they have a bunch of other stuff, especially in healthcare to worry about.Hannah: It takes up a lot of your time because you are in a smaller department where you do so much and wear so many hats.
Nashon: Yeah, it saves time.Hannah: Do you have any last-minute comments or tips for any of our listeners about cybersecurity or working in cybersecurity, or how to get a start?
Nashon: I think to throw your hat out there. Show people what you're able to do for cybersecurity if you have already been working with computers and stuff like that. And if you're just trying to get into it, go into any computer-related fields because they’re expanding. And with everything increasing, one hat for cybersecurity will not cover it anymore. Like there's so much in-depth for each area. So there's always something for you to learn.Hannah: To learn how Paubox products, like ExecProtect, can keep your company ahead of bad actors, please visit paubox.com/blog. Paubox product innovation directly results from the feedback we receive from our customers and others who attend our monthly Zoom Social mixers. What solution can we build for you? Come to our next mixer to find out. Applications for the Paubox Kahikina STEM scholarship are now open and are due by May 31, 2022. This scholarship encourages Native Hawaiians to pursue careers in STEM. Details are linked in the transcript. You can listen to every episode of HIPAA Critical on paubox.com or subscribe via Apple Podcasts , Spotify , iHeartRadio , Stitcher , Amazon Music , or wherever you listen. Thank you for tuning into another episode of HIPAA Critical; I’m your host, Hannah Trum, signing off.