What is security theater?

Featured image

Share this article

Cybersecurity Risk Management: How Companies Are Responding to COVID-19 and Remote Work - Paubox

Security theater refers to security measures that make people feel secure but don’t provide actual safety. It is about the perception of security rather than security itself.

And when it comes to cybersecurity, many features can lull users into feeling protected. But there are numerous threat vectors (or entry points) into any system, which means there needs to be more than just one simple solution.

Real security must address and defend rather than just act as a security blanket.

For healthcare organizations tasked with providing solid patient care and safeguarding protected health information (PHI), security theater is not enough.

RELATED: Why is healthcare a juicy target for cybercrime?

A layered cybersecurity program (with strong features such as HIPAA compliant email) is more important than smoke and mirrors.

What is security theater?

Wikipedia defines security theater as actions that “provide the feeling of improved security while doing little or nothing to achieve it.” The term was first coined by Bruce Schneier, a computer security specialist and writer, to address the war on terrorism.

According to Schneier, security theater addresses movie-plot threats or overly specific attack scenarios. One of the examples he highlights is when commuters take off their shoes to go through airport security.

This is why Schneier states, “Security theater refers to security measures that make people feel more secure without doing anything to actually improve their security.”

While security theater may alleviate fear it also provides a false feeling of safety. This means people are less on guard and may miss real threats.

Moreover, security theater measures can consume funding and resources that could (and should) be spent elsewhere.

Cybersecurity theater

Within the cyber world, security theater checks off the boxes that make you feel defended. Antivirus software, check. Complex password policy, check. Pop-up email warnings, check.

For HIPAA compliance it might also mean employee awareness training, patient portals, and policies/procedures on device use.

RELATED: HIPAA stands for . . .

Healthcare organizations typically have large, vulnerable attack surfaces, which are composed of all the threat vectors that allow unauthorized entry into any system. And none of the above-mentioned features truly block access points on their own.

Employee training that is out of date and not continuously reiterated does not teach anything. Moreover, employee awareness training on its own is not enough.

Email portals, with their superfluous access steps, do not mean security. And policies and procedures around device use mean nothing without other measures to back them up.

What should you do instead?

According to Schneier, the best method of security is the traditional “follow the evidence” approach. In other words, utilizing cybersecurity that provides protection based on what an organization needs.

Real cybersecurity measures must be grounded in a risk-based approach, which is why a HIPAA risk assessment is a great place to start. A risk assessment helps covered entities figure out the most effective and most appropriate administrative, physical, and technical safeguards needed.

A mandatory risk assessment encourages healthcare providers to continuously check, assess, and update their policies and procedures. It demonstrates which access points and endpoints must be secured.

Only after such an investigation can an organization truly decide what combination of cybersecurity features will protect PHI.

Paubox Email Suite—practical and necessary

But no matter what, one thing that every covered entity needs is strong email security, which is where Paubox comes in. Paubox Email Suite’s zero-step protection does exactly what it is supposed to do. It removes the worry and stress from electronic communication without relying on security theater.

Our HITRUST CSF certified solution encrypts all emails automatically. Moreover, it works on every type of device and integrates with your existing email platform (e.g., Microsoft 365, Google Workspace, or Microsoft Exchange). There is nothing to download and no extra account to create or monitor.

No extra password. No extra clicks or web pages to wade through to get to a place where patients can communicate with doctors.

Finally, Paubox Email Suite utilizes two-factor authentication, which is a crucial part of the Zero Trust security framework—which is, in fact, a truly useful security methodology supported by the NSA and CISA.

Paubox’s security measures are useful and valuable without being showy. That’s because security does not need to be observable to make a difference. Security theater is the exact opposite, a show, and should not be the focus of any cybersecurity program.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022