Customer Value Story:
Prevention is Better Than Cure
The pandemic has disrupted operating models of businesses across the globe. Since the beginning of 2020 – and since the launch of our company in 2006 – LogicManager has been working with our clients to help them pivot and prepare. We have over 15 years of experience helping customers avoid all sorts of risks and scandals.
Over this past critical year, we’ve collected over 200 value stories from our customers about how they’ve leveraged our guidance to drive their businesses forward. This series delves deeper into those stories in hopes of helping other businesses throughout these challenging times.
Topic:
Warding off ransomware, negligence and inefficiencies with ERM software.
Introduction
The healthcare industry has dramatically transformed over the past year and a half. Innovation is no longer a competitive differentiator; hospitals, clinics and pharmacies now rely on the flexibility and capacity of their technology to continue providing services. This digital transformation has triggered an influx of new, more formidable cybersecurity threats. Ransomware attacks are running rampant, and hackers are using the vulnerability of HIPAA-protected information to advance their coercion.
One LogicManager client is a pharmaceutical company dedicated to moving the healthcare industry forward. They aim to drive innovation with expert insights, quality service and state-of-the-art technology. However, they recently realized that their user access review process was manual and antiquated, pulling critical time and resources away from achieving these strategic goals. It also left them susceptible to significant cybersecurity threats. How might a ransomware attack impact their patient and stakeholder trust? Could it result in a negligence lawsuit? On top of these unknowns, there were also the uncertainties of the pandemic to account for. They needed a system that would save them time and resources without sacrificing quality or security.
Challenge
This organization is required to submit evidence to auditors each quarter that demonstrates they are reviewing which employees have access to sensitive information within the applications they use.
When they first came to LogicManager, their user access reviews were 100% manual. Managers completed thousands of reviews at a time, one by one, and relied strictly on memory for completing them on time. In the short term, this left room for human error, missed deadlines and failed audits. But these weaknesses could eventually carve out just enough access for a sophisticated hacker.
When the pandemic forced employees to begin working remotely, it became a challenge to track people down when performing their user access reviews. The arduous and time-consuming process was now further muddled by the communication hurdles of their newly virtual environment.
Solution
Working with their Customer Success Representative, this LogicManager champion created a new process for user access reviews that works with them instead of against them. Built on a taxonomy framework that pulls in risk and compliance information from all corners of the business, their new user access review system:
- Ingests user access data directly from their third-party applications (e.g. Jira).
- Automatically distributes the data to managers to review their employees’ access rights.
- Automatically pushes a task to Jira for the IT team to make the adjustment when a manager indicates that an employee's access right needs to be adjusted.
- Deploys reminder tasks for reporting to help with overseeing the overall process.
- Creates a time-stamped audit trail of when all access rights were reviewed.
This new process significantly reduces the manual burden on employees so they can focus less on administrative data manipulation and more on value-add activities that help the organization achieve its strategic goals.
Business Outcome
Let’s explore some long-term benefits this client will realize as a result of this streamlined and integrated process:
- They’re cutting down on time and resources required to run this critical quarterly process. Those hours that can now be re-allocated to working on individual, team, and company goals will quickly add up by the end of the year.
- They’ve drastically reduced their risk of missing an application review by eliminating the manual components of this tedious process.
- The time-stamped audit trail they’ll build in the process of completing their user access reviews will allow them to instantly produce a report to show auditors evidence of their due diligence.
- In the healthcare industry, patient confidentiality is critical for preserving trust and preventing negligence penalties. This organization now has a sophisticated IT risk management program in place that keeps them better protected from ransomware attacks.
- They’ve gained full transparency into the strengths and weaknesses of their overall IT Governance program: What has already been completed? What tasks are still open? Where do others need to intervene to improve? These gaps will become instantly apparent through comprehensive risk assessments and consistent monitoring.
LogicManager is a fully integrated, risk-based platform – it’s designed to help our clients perform any business process in a way that effectively mitigates risk. In this client’s case, they’re mitigating the risks of a privileged access violation.
And that’s no simple feat; in today’s virtual world, ransomware attackers have more intelligent methods of accessing sensitive information and HIPAA-protected information is more vulnerable (and valuable) than ever before. This not only means that the threat of an attack is far greater than it used to be, but it also means that regulatory agencies are enforcing more stringent data privacy regulations on organizations everywhere. Negligence has become nearly as great a risk as the IT threats themselves.
While a ransomware attack is not always preventable, negligence is 100% preventable through sound risk management practices. This client can rest easy knowing that their User Access Review software not only frees up more time to focus on innovating the healthcare industry but protects the integrity of the work they’re doing each day.