Unfortunately we don't all have a DeLorean to go back in time and fix our mistakes. When it comes to cybersecurity, being vigilant and aware of the signs is critical for preventing an attack.
1. STOP Take a breath and resist taking immediate action as soon as you receive an email or text.
2. LOOK Check for anything unusual (different spelling, grammar mistakes, an offer too good to be true).
3. THINK If something looks "phishy" then report it immediately to your IT department.
1. Train your staff.
Establish a "Safe To Open" email policy. Teach your office personnel and all staff that if an email is marked "STO" it is safe for anyone at your office to open it.
2. Test your internal email system.
Send fake emails that claim to need patient information to test whether your staff will react to them. Teach your staff how to use the phishing alert and spam reporting features of your email provider.
3. Lock computer screens.
Remind everyone at your practice to log off or lock their computer, tablet or device when stepping away from it to ensure no one can access information. Set up a global sleep timer of 5 minutes of inactivity (or less if necessary) on all office computers.
4. Don't reuse passwords.
Set up different passwords for different systems, especially those storing patient data. That way, if a hacker were to crack one of your passwords, it would not become an entry point to every platform or software you use.
5. Protect USB and external drives.
If you use USB flash drives or other external storage devices, beware of where you plug them in. Be sure to encrypt patient data or require two-factor authentication before accessing files where possible. Keep flash drives locked up when not in use.
6. Understand social engineering.
Hackers have learned how to use social tactics to convince people through phone calls, texts and emails that something is safe or valid. Train your staff on all the options that hackers have to gain your trust and access sensitive information.