What cornhole can teach you about cybersecurity

 The Alliance Risk Management, Vendor Oversight and Cybersecurity Value Visit was in Dallas last month (September 13-15). Given the location, it’s probably no surprise conference attendees stumbled upon a cornhole court during the outdoor reception on Thursday night.  Given the camaraderie Alliance members always share during our meetings, it’s probably no surprise a friendly tournament began immediately, pitting members from Wisconsin and Ohio against delegates from Georgia and Massachusetts.  For the record, Manji (who had never played before), dominated the field and effortlessly tossed bean bags one after another into the hole.  He was closely followed by the “Lisa and Lisa” team.  (If you are not familiar with cornhole, you can check out the official rules from the American Cornhole Association.)

The importance of teamwork

That camaraderie was the hallmark of this value visit from start to finish: We brought leaders in enterprise risk management together with those responsible for vendor oversight and cybersecurity to talk about all the threats we face every day, and what we’re doing to mitigate the risks.  Teamwork was a central theme—all of these efforts are multi-faceted, overlap in scope and aim, and require a multi-disciplinary team effort to maintain an effective program.  This theme was first presented by Paramount Health Plan’s Jonathan Burns, and echoed by Health Alliance Medical Plans’ chief compliance and risk officer and their director of information security. All three presentations dug deep into the critical role cross-functional committees play in these efforts and shared detailed organizational charts that outline how they keep lines of communication open between central departments and leaders.

It wasn’t all fun and games: Mac McMillan, president of CynergisTek, urged all attendees to ensure they have executive buy-in when it comes to ensuring security, and reminded attendees that IT security experts believe that a successful cyberattack on U.S. critical infrastructure will happen within two years, and only about 26% believe we’re actually ready to handle such an attack.  Aaron Wishon, CISO with Cook Childrens Health System, shared multiple ideas on how to operationalize a culture of security awareness with your organization. Network Health’s dynamic CIO and VP of administrative services again underscored the value of bringing multiple stakeholders to the table—and keeping them there long-term—to ensure your security program is robust and does more than check the box for compliance.

While we may not get together for cornhole again until 2018, this group of risk managers and information security experts is excited to collaborate well before then on a standing peer group conference call.  The Alliance is developing that programming now and will announce the first call date soon.  In addition to sharing best practices and lessons learned, this group will explore the potential of developing a member-to-member audit program for privacy and security programs at our member health plans.  Stay tuned for the call dates and join us to weigh in on how we can continue to support one another—both on and off the cornhole court.

To access the presentations and podcasts from the 2017 Risk Management and Cybersecurity Value Visit, visit the document tab on the event page.