The modern dental practice has to consider many things in order to be a successful business. Compliance issues, CPD and the myriad of policy documents that have to be maintained can leave even the most well-organised practice managers and practice owners feeling a bit overwhelmed.
In the middle of all this, the last thing a practice needs is to be paralysed by a hidden enemy. Imagine the impact on your practice if you were suddenly locked out of your computer system or if all your data became encrypted and unreadable. Imagine the damage to your business if your patient and staff data were stolen.
It doesn’t matter if you’re a small dental practice or part of a larger corporate group, NHS or private, you are not immune to cyber-attacks. Cybercrime is big business and for many criminals, it’s very lucrative. The criminals don’t care who you are or what your business does or how many people work for you, they just want to find a way in. And if you have an internet connection then you are a potential target!
Here are my top tips for protecting your business…
1) Shut malware out
You wouldn’t leave your doors unlocked at night and invite burglars into your home and likewise, you wouldn’t invite cyber criminals into your business. But if you don’t protect your computers then that’s exactly what you will be doing. Malware is malicious software that infiltrates your PC or network without your consent or knowledge.
Install a firewall and have an IT professional configure it correctly. On its own, this is not enough nowadays given the complexity of malware, but it does provide the first line of defence.
Protect the PC. A top performing antivirus software application will go a long way to keeping you protected, as long as you keep it updated with the latest version.
2) Clean up your email
Install anti-spam. A top performing anti-spam software application will significantly reduce unwanted email. It will block risks and reduce distractions for your staff. You can reduce the negative impact of spam by blocking it before it gets to your business.
3) Beware of social media
Hackers and cyber criminals are targeting social media more and more. With over 2.5 billion users worldwide it has become a relatively easy target. If you or your staff are using social media at work, then you are at risk. Educate yourself and your staff about the dangers of clicking links embedded in social media. That funny video might not be so funny after all and could potentially lock you out of your system and/or encrypt all your critical data rendering your business disabled.
Also, be careful what your staff put in the public domain. Be social but be smart. Avoid publishing anything that could compromise your business’s safety. Most dental practices are located within a community; staff may be ‘friends’ with patients or ‘friends’ with people in your patients’ social networks. The damage that can be caused by one ill-advised post on social media can be incredibly costly and difficult to recover from.
4) Passwords, passwords, passwords
Passwords are a vital part of protecting your business network. The more characters you add, the stronger your password will be.
Insist on strong passwords. Many people worry about remembering complex passwords with numbers and special characters and this can lead to poor password practices such as writing them down on sticky notes etc.
The modern approach to passwords promoted by IT security experts is to use a thirteen or fourteen letter phrase or three completely unrelated words, sometimes separated by hyphens and sometimes not, e.g. together-monkey-merchandise.
These are actually much easier for a person to remember than passwords with numbers and special characters, and the powerful graphics cards that criminals use to check eight billion password combinations per second find them more difficult to crack.
Remember…change passwords fairly frequently and educate your team about why writing down passwords, storing passwords on cell phones, or using guessable choices puts company security at risk.
5) Lead by example
Sounds simple enough but you need to lead from the front and show your team the way by personally practising everything you preach.
6) Stay current
Cyber criminals and ransomware often rely on businesses running outdated software with known vulnerabilities. Seek advice on how to keep your software up to date. Vendors often release updates outside of the update cycle to react to known threats. The simplest way to do this, with the least amount of hassle and potential for something going wrong, is to let a quality IT support company manage this for you.
7) Choose an IT Security partner, not just a vendor
Select a vendor who understands the unique needs of security in a small business environment and make sure your partner offers security as a core part of their offer.
Vendors with a proven track record of years of defence against multiple threats, with knowledge of both small business and enterprise experience, can best support your protection.
8) Back up your critical data
Get into the habit of regularly backing up your critical data to a secure offsite location. Unfortunately, if you fall victim to a ransomware attack, all your data will be encrypted, and you will be locked out of your own business. If you have backed up your data, you will be in a much better position to recover from the situation and get your business functions up and running quickly.
9) Education and training
You can put IT security products in place but if you don’t configure them correctly or if you don’t educate your staff in matters of IT security then you are potentially wasting your time. Unfortunately, it doesn’t work the other way around either: if you have really well-trained staff but don’t have quality IT security products you will still be vulnerable to attack.
Because cybercrime is dramatically on the increase, and because of the renewed focus on privacy and data protection with the new GDPR coming into force on 25th May 2018, it’s never been more important for all of the staff in your practice to be very aware of cybersecurity and issues of privacy.
You should build this into staff training schedules, induction, staff handbooks, contracts and your review processes to make sure you are maintaining knowledge and awareness across your staff group. You should also make sure staff are aware of the consequences of non-compliance. Ignorance is no defence.
10) Access control
Sounds simple but often forgotten about in smaller businesses. Only give access to areas in your system to people whose job roles need it, and when someone leaves make sure you revoke their access immediately.
11) Multi-layered approach to security
IT security experts around the globe always recommend a multi-layered approach. This is because no one product can be guaranteed to be 100% effective against 100% of the threats 100% of the time. And with one million viruses released into the wild every single day this is not surprising. Getting the right combination of products, configured in the right way for your set-up, can be difficult for the non-IT person, so it may be wise to enlist the help of a quality IT support company.
If you feel you need some support in getting your IT security in place, you can contact Intrasource on 01482 628800 or lee.davison@intrasource.co.uk