24 May Meet Joey Bawa, Information Security Manager.
- What does your role at Monash Health entail?
My role carries a responsibility to ensure that Information Technology deployed at Monash Health is architected to protect personal and patient data from cyber threats. It also heavily revolves around managing cyber risk and ensuring that the technical infrastructure complies with the security controls and internal policies to deliver the best possible outcome that caters for Confidentiality, Integrity, and Availability of Information.
- What interests and hobbies do you have outside of work?
I love spending time with my kids and playing golf.
- We have just implemented Mimecast Security Messaging & Large File Send. What are the new tools?
Mimecast has been working with Monash Health since 2016 to help secure staff emails from malicious threats. This includes protecting staff from emails attempting to steal your passwords or make you download a virus.
We have recently introduced methods of exchanging information with external parties like other hospitals using email securely. This functionality allows select staff to not only send and receive emails securely but also permits large file exchange of up to 2GB in size that otherwise cannot be shared using standard email solution. The idea behind these new Mimecast tools is to make your job easier and safer from cyber threats as you go about doing your day to day jobs. These tools are called Mimecast Secure Messaging & Large File Send.
- How can Mimecast Secure Messaging & Large File Send support Monash Health?
You may need to send and/or receive sensitive information to external recipients as part of your job, especially when it comes to patient data, legal or financial records. This type of content is often subject to strict regulations about how it needs to be transmitted and handled. Mimecast’s Secure Messaging and Large File Send helps empower Monash Health staff to do exactly that in a way that sensitive information is only made available to parties who are authorised to send and receive it. There are other applications of these tools for Legal or Finance staff. Please feel free to contact me if you need more details.
I have been an Information Technology professional for over 25 years and had an opportunity to work for a few large corporates and startups in private and public sector. As part of this journey, I have helped organisations deliver key technologies to achieve strategic objectives.Talk us through your journey and why you’re passionate about security.
Recently, businesses and governments across the world have come to realise the tactical importance of maintaining good cyber security hygiene to withstand business continuity challenges, that have come under cyber threat resulting in reputational and/or financial loss. I had such an experience some years ago where this organization had to recover from a cyber security attack and came to the brink of losing valuable data that could have set them back by at least 2 years. I was assigned the task to help recover from this cyber-attack, and we did manage to overcome the challenge. I have been lucky enough to work with companies managing sensitive and high-profile data and have helped them steer through cyber security and technical challenges. These are some of the exciting experiences that have contributed towards my experience and on-going learnings resulting in keeping my passion alive in Information security.
- What are your challenges?
In a hospital environment, patients put a lot of trust in our hands to look after their health and personal information. In the cyber security world, it is often a cat and mouse game between people trying to do the right thing versus bad actors trying to make a quick buck by misusing stolen information, especially high value medical information. The biggest challenge, therefore, is to stay ahead of the game such that personal or medical information does not end up in the wrong hands. Evolving technologies also pose challenges where the technology is used to solve a problem but fails to maintain good cyber security posture creating a situation where information can be misused by people with bad intent. The challenge, therefore, is multi-fold. It is a fine balance between keeping information systems operational and data secure whilst ensuring that it is easy to use and is fit for purpose. Hence, maintaining the harmony between technology, people and processes has to be my biggest challenge.
- Do you have any advice for others in relation to security?
Cyber security is everyone’s responsibility.
Here are some of the tips that you can use to ensure that we collectively work to maintain good cyber security hygiene:
- Use good passwords so they cannot be abused by cyber criminals AND never share them or write them down. Check the password policy for details.
- Report IT events that look out of the ordinary or suspicious to IT Helpdesk.
- Respect and protect personal and health information and make sure that it is only shared where necessary
- Never leave devices unattended and always lock your screens when away from your desk
- Stop… Think… Click … Only if you know that URLs shared with you in an email have come from a credible source.
- Watch what you share on social media about work. Check Social Media policy
- Never use a USB whose source you cannot identify
- Take the time to understand cyber threats as it does touch your personal life too.