In honor of “wedding season,” we have a very important invitation for you…We formally invite you to save the dat(a), and keep your practice and patient data protected! Information security is a challenge for businesses of all sizes, which makes many people hesitant to take full advantage of advancing technology due to the potential implications of an information security breach. However, there are several ways to make sure your computers, your business’s data, and your clients’ data remain secure.
Of course, no checklist can 100% guarantee security, but there are best practices that can minimize the risks to your systems and data – here are 9 of them, recommended for dental practices of any size. Better still, these 9 steps can also be applied to any of your personal devices at home!
Vendors provide default usernames and passwords that are freely and easily available on the internet. These literally provide the keys to your systems and data. Just as giving your house keys to a stranger would leave your home vulnerable to break-in, failing to change your default passwords to something custom that only you know leaves your systems vulnerable to being reconfigured or accessed without your knowledge.
Speaking of passwords, it can be tempting to reuse an old standby, but make the effort to use a different password for each system you access. If your computer login is the same as your customer database, email, bank account, and Facebook account login, an attacker needs only a single password to access everything. Different passwords safeguard against this threat. Having multiple passwords does mean having more to remember, but not to worry! Software utilities such as “Password Safe” exist to help manage passwords so you can easily keep track.
Creating complex passwords usually means having a minimum length, as well as using a combination of uppercase and lowercase letters, numbers, and symbols/special characters. Even when all those requirements are met, that doesn’t always mean you’re left with a strong password. For example, “Passw0rd!” will pass most complexity rules, but it is relatively common and easy to guess.
As an alternative, passphrases can be used as memorable, complex passwords that are unique to you and hard to guess. A passphrase is essentially a sentence with some substitution of numbers and symbols for some letters. Substitute a “3” for an “E” or an “@” for an “a,” for example, and it might look like “IL0v3physicalTher@py” or “P@ssphrases4Life!”
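The two paragraphs above make one point: passing a complexity rule is not the same as being hard to guess. The following Python checker is an added example (it is not code from the original post) that applies a typical complexity rule, then separately checks the candidate against a short, constructed list of commonly used passwords after undoing the usual letter-for-symbol substitutions, and finally estimates a rough length-based strength figure. The 60-bit acceptance threshold and the tiny built-in word list are assumptions for the demonstration; a real deployment would load a full breached-password corpus.

```python
import math
import re

# Constructed sample of commonly used passwords (assumption for this example).
# A production check would load a large breached-password list instead.
COMMON_PASSWORDS = {
    "password", "passw0rd", "123456", "qwerty", "letmein", "welcome1",
}

# Reverse the familiar substitutions so "Passw0rd!" is compared as "password".
SUBSTITUTIONS = str.maketrans("0134@$", "oieaas")

# Assumed policy threshold for the rough strength estimate below.
MIN_ESTIMATED_BITS = 60


def meets_complexity_rules(pw: str, min_len: int = 8) -> bool:
    """Typical vendor complexity rule: length, upper, lower, digit, symbol."""
    return (
        len(pw) >= min_len
        and re.search(r"[A-Z]", pw) is not None
        and re.search(r"[a-z]", pw) is not None
        and re.search(r"\d", pw) is not None
        and re.search(r"[^A-Za-z0-9]", pw) is not None
    )


def normalize(pw: str) -> str:
    """Lower-case, drop trailing punctuation, and undo leet-style substitutions."""
    return pw.lower().rstrip("!.?").translate(SUBSTITUTIONS)


def is_common(pw: str) -> bool:
    """True when the password, or its de-substituted form, is on the common list."""
    return pw.lower() in COMMON_PASSWORDS or normalize(pw) in COMMON_PASSWORDS


def estimated_bits(pw: str) -> float:
    """Length times log2 of the character pool used.

    This assumes every character was chosen independently, so it overstates the
    strength of dictionary words; that is exactly why is_common() is also needed.
    """
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"\d", pw):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        pool += 33  # printable ASCII symbols
    return len(pw) * math.log2(pool) if pool else 0.0


def assess(pw: str) -> dict:
    """Combine the three checks into one verdict dictionary."""
    verdict = {
        "complexity_ok": meets_complexity_rules(pw),
        "common": is_common(pw),
        "bits": round(estimated_bits(pw), 1),
    }
    verdict["acceptable"] = (
        verdict["complexity_ok"]
        and not verdict["common"]
        and verdict["bits"] >= MIN_ESTIMATED_BITS
    )
    return verdict


if __name__ == "__main__":
    # The post's own examples: the first passes complexity but is common.
    for candidate in ("Passw0rd!", "IL0v3physicalTher@py", "P@ssphrases4Life!"):
        print(candidate, assess(candidate))
```

Running the block shows “Passw0rd!” satisfying every complexity rule yet being rejected because its normalized form is “password,” while the two passphrases from the post pass all three checks.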
A firewall is typically a physical device that sits between the internet and your computers to prevent outsiders from getting to your computers and data. However, it can also be software on your computer, either included with the operating system or purchased from another vendor. If you have computers that you take home or use at other public locations (hotels, coffee shops, etc.) to perform business functions, ensure that the computer has firewall software installed, enabled, and configured.
Install and regularly update antivirus and anti-malware software on every computer (and server) you and your business use. Nearly every product in this space can be set to automatically check for and install updates; take advantage of this functionality for maximum peace of mind!
If someone can physically access your computers and network devices, there is no telling what harm could be done. Ensure your network devices are kept behind locked doors, and that only authorized people have access to the room.
If you’re using a computer in a public space, do not leave it unattended so that someone could attempt to install malicious software and/or hardware. Take your device with you when possible, and when it isn’t, take shifts and use #TheBuddySystem.
If you use wireless (Wi-Fi) in your business (or at home), make sure it is encrypted using the strongest encryption settings available to you and your systems. Currently this is WPA2, but check with your IT support and/or wireless vendors for suggested settings.
Another way to secure your wireless network? Do not allow customers to use the same wireless network as your business computers. It is very popular to provide customers with internet access while they are waiting. If you choose to provide patients with this extra customer service, be sure these “guests” are given an SSID (the name of the wireless network you see when you try to connect) that is different and separate from the one used by your business computers and data. For example, “DrSmith” vs. “DrSmithWiFi_Guest.”
Using software that is supported means the vendor ensures that, as any security flaw or other problem is discovered, a patch is developed and released. Once the software falls off support (i.e., is unsupported), your systems can be left vulnerable as new weaknesses are exposed and remain unpatched. Software vendors regularly provide updates to fix security problems and to add or fix functionality. Ensure all software products capable of getting these updates are configured to do so automatically. For those that do not have this functionality, set a calendar reminder to check with the vendor periodically (e.g., once a month) for any new updates. This is the same basic function as having your antivirus software update regularly and automatically, only this is for other software such as your operating system and web browser of choice.
Policies help reinforce the importance of information security – and, depending on the types of data your business handles, they may even be required. There are hundreds of policies one could devise, but the following may help reduce common risks that could lead to a security breach: