Do you protect your practice from the threat of cybercrime, or do you operate in blissful ignorance that it could never happen to a small dental office like you?
According to the U.S. Securities and Exchange Commission, small and medium-sized businesses are not merely targets of cybercrime; they are its favorite target. Three out of every five cyber-attacks specifically strike SMBs, and dental practices are especially at risk since healthcare information such as patient addresses and Social Security numbers is worth up to 10 times more than credit card data on the black market. Yet few practices have even the basic level of security in place to ensure there are no holes in the net.
Here are the top five security measures that you should have in place to protect your business and patient data.
1. Back Up Your Data
If you don’t back up your data, you’re leaving the door wide open for hackers to sneak in and steal your confidential information. How would you tell your patients that their personal records were there one day and gone the next? The lawsuits, data-breach fines and damage to your reputation don’t bear thinking about!
If you do nothing else, schedule regular data backups now. When your files are backed up correctly, you don’t have to worry about ransomware attacks (where a hacker encrypts your data and holds it ransom until you pay a fee), accidental damage, hardware failures or any of the host of data-loss disasters your practice potentially faces.
2. Keep Your Network Up to Date
Many ransomware attack like the recent Wannacry virus that debilitated Great Britain’s National Health Service could be avoided with a simple software patch or migration away from vulnerable older software. Therefore, it’s essential to update your systems frequently. If you’ve purchased a managed IT service, updates should be automated so you don’t have to worry about software patches.
3. Create an Acceptable Use Policy
All it takes is one employee opening up an email for hackers to gain access to your systems. An Acceptable Use Policy, or AUP, safeguards your practice by regulating how employees are permitted to use practice-owned data, devices, email and internet connectivity. More specifically, it’s a way to restrict the data your employees access and what they do online during office hours, with certain users given more “freedom” than others.
Whatever policy you implement, be sure to prohibit staff from checking personal e-mails on a work device or storing confidential information on cloud apps like Dropbox. These measures will block the usual gateways for cybercriminals to infect your network.
4. Insist on Strong Passwords
All devices should be password protected to safeguard your practice from unauthorized access, lost devices and improper record disclosure. The hardest passwords to crack are at least eight characters long and contain uppercase and lowercase letters, symbols and at least one number. Your AUP should require that employees change their passwords frequently — good values are 30, 60 or 90 days.
5. Don’t Cut Corners on Your Firewall
If your firewall, antivirus and content-filtering software are not up to date and configured properly, then you’ve lost your frontline defense against cybercrime. Firewalls block everything you haven’t specifically allowed to enter (or leave) your computer network. Be sure to install antivirus software on every computer, check it regularly and keep it updated.
Summing It Up
You work really hard to make your business a success — don’t risk losing it all to cybercrime. Establishing strong data backup schedules, firewalls, AUPs and password policies, and staying current with software patches, can significantly reduce your likelihood of being hacked as well as decrease the impact you’d face if you were hacked. Hackers prey on those with poor defenses. Don’t leave your security to chance.
