From the Winter 2020 Journal of the Colorado Dental Association
Computer hackers are online security “experts” who find weaknesses in computer systems and then exploit the flaws, typically with malicious intent. Nothing good happens after that if your system is compromised. A compromised system or machine usually results in lost time and money, in addition to lost productivity and strained client/patient/colleague relationships. The end of 2019, unfortunately, brought cyber security issues and worries for over 100 dental offices in Colorado, forcing several dentists to temporarily close their offices, pay tens of thousands of dollars in ransom and/or start their patient databases over from scratch.
Major cyber breaches happen every year. They can happen to a small business or a massive corporation. Chances are that every person reading this article has had to at least cancel a credit card due to a cyber security issue. As hackers become more sophisticated, your IT systems must also become more sophisticated. It’s easy to get lazy, avoiding that system update that is going to take 10 minutes to complete, using dated equipment that doesn’t support the latest versions of software, letting your antivirus subscription expire, and more. In the April issue of the Journal, the CDA will provide a comprehensive look at how you can best protect the cyber portion of your practice. Below, please find answers to many of the common questions recently received at the CDA.
Are firewalls and antivirus software enough to keep us secure?
The days of simply relying on firewalls and antivirus software to keep cyber criminals out of your network are over. If these tools were so effective at protecting data, there would be no data breaches. As cyber hackers grow more sophisticated, antivirus software can be completely disabled, allowing unauthorized access to your network. It takes greater measures, in addition to antivirus software, to properly protect your computer system.
There have been several IT companies recently targeted by cybercriminals—could my IT company be next?
The FBI and Department of Homeland Security posted a bulletin in the fall of 2018, warning IT vendors that Advanced Persistent Threat actors (APTs) are targeting IT firms to exploit their information to attack their client base. Because IT vendors typically store their clients’ IP addresses, usernames and passwords in their databases, a breach could give cybercriminals access to your system. Be sure to contact your IT provider to ask what security measures they have in place to protect you and your patients.
Are an IT company and a cybersecurity company the same thing?
The short answer is that it depends on the company you’re working with. That said, it is important to understand that IT companies are not necessarily cybersecurity companies. IT companies are great resources to integrate all your machines and set your office up with email and the software needed to run your practice. Their expertise may end there, and you may need to find a specialized vendor to audit your IT security. A cybersecurity company can scan your network to find vulnerabilities and then work as a team with your IT company to correct any issues detected. They can also:
- Perform an audit of your existing policies and procedures;
- Provide you with quarterly vulnerability scans of your network;
- Conduct live employee training to educate your staff on the latest threats and how to prevent them;
- Have penetration testing conducted on your network, which involves using an “ethical hacker” who tries to discover vulnerabilities that were not previously found.
What is a Human Firewall?
Most people are familiar with the term “firewall,” which is a hardware device or some type of software on your computer. A “human firewall” centers on training employees well enough that they can help secure your practice’s network. Well-trained employees will be able to help protect your network by being knowledgeable and diligent about the latest threats. Statistics indicate that nearly half of the attacks on networks are due to some form of employee negligence (falling victim to a phishing scam, social engineering, etc.). It is common to hear about an email system getting hacked, after which the hackers (pretending to be you) send emails to your contacts/patients with malware attached. These hackers are getting very creative in tricking you into opening emails or attachments, making staff awareness and education very important.
Many steps go into proactively protecting your practice from criminal hackers. It takes far less time and money to effectively protect your computer system than to recover your system from a cyberattack.
The CDA would like to thank Sue Griffin, COO of Black Talon Security, LLC, for providing information for this article.