Crozer-Keystone Health System in Pennsylvania comprises five hospitals and operates several outpatient centers, a sports club, and a comprehensive physician network of primary-care and specialty practices. Systems Engineer Michael Mize works daily to protect the sensitive data of thousands of patients served by more than 1,000 physicians and 6,000 total employees. Mize has seen first-hand how the threat landscape has evolved over time and is adapting priorities accordingly.
To be effective today, security teams must get more efficient. Mize incorporates the advanced capabilities of technology into the SOC to help staff work more productively. For example, by moving to McAfee Endpoint Security (ENS) 10, machine learning will help block malicious threats, freeing up security professionals to focus on higher-level tasks. But Mize also understands the value of building a comprehensive culture of security to create a truly secure environment. “’Together is power’ to me means collaboration,” says Mize. Crozer-Keystone brings this to life by working with other security professionals across the industry but also by focusing on educating its own employees.
Mize describes a good day as one when users proactively reach out after receiving something they think might be a phishing attempt. Developing this kind of security-first mindset among staff doesn’t come automatically, so it’s good to see results from their training and reinforcement efforts. His team releases a monthly IT security bulletin on specific topics, such as phishing or physical security. In addition, the company provides a toll-free IT Security Incident hotline for reporting any suspicious problems and encourages unusual issues be reported to anyone in IT.
Crozer-Keystone also partners with other organizations, attending events like MPOWER, to learn more about the security landscape and understand what solutions are available. Mize says it’s important to collaborate with others in the same situation to help his team better understand what they’re doing right, where they can improve and what both parties can do together moving forward. To illustrate this, whenever he encounters an outside organization with a user who has had their email account hacked – via a phishing email that reached his system, for example – he calls their help desk to connect with his peer at their business. He then describes what he’s observed and provides instructions for how he recommends they correct the issue.
“I do this as a courtesy because we should all be looking out for each other even though it may take a few minutes out of our day. Maybe other security professionals will share this mindset and be more willing to help each other.”
Hear more from Michael Mize on the impact of growing up with McAfee and how collaboration is making a difference at Crozer-Keystone in this video.