Just locking your practice’s front door at night doesn’t mean your practice is totally protected from intrusion or threats. I bet you lock the back door, windows and employee entrance as well. But what about that thin, little wire that brings you the Internet? In today’s ultra-connected world with Internet access on everything from PCs to phones, you must take computer security precautions seriously or put your practice at risk.
Protecting your practice requires you to make network and data security a priority, especially now that more of your records, business transactions and data are digitized and accessible over the Internet.
Not a computer security expert? Here are 10 things you can do to reduce your risk and better protect your practice. Volumes of information have been written on computer security, and this list is certainly not a complete list of all the security safeguards available to you. However, these quick tips go a long way toward protecting you from the nastiness (and costs, time loss and stress) that await the unprotected.
The basic concepts, best practices and technologies below are things you should be familiar with and use in your network operations to keep things safe.
1. Your password is your friend.
I’m amazed at the number of offices I come across that don’t have passwords for their systems or have a standard password for everything. And to Dr. X (I’m withholding his name to protect the unprotected), I say, “You know who you are and have been warned!” You must require a password on every computer, all the time. Don’t let users share their passwords. Don’t write them on a little yellow piece of paper and tape them to your computers for all to see. Are you listening, Dr. X’s office manager?
2. Your name is a bad password.
As a rule, mix numbers, words, symbols and capitalization in your passwords. A good example is “G8D3nti5t!” (Think “Great Dentist!”) However, you can’t use that one now that I’ve told the whole world. See Rule #1 above. Create a variation of an easy-to-remember word or words, like your first car, pet’s name or favorite hobby. Many Internet sites already require passwords containing a mix of characters today, so why shouldn’t your practice’s security policy? Can’t remember all your passwords? Neither can I. Get a reputable password manager for your smartphone. They keep all your passwords close at hand and securely encrypted, and you can back them up somewhere safe in case you lose your device. It is worth the $.99 to $5.99 investment. And yes… you’ll need a password for the password manager as well.
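Rules 1 and 2 can be turned into a check that runs whenever a staff member sets a password. The following is an added example, not part of the original article: the names "Miller" and "Lakeside", the minimum length of 10 and the character-swap table are assumptions chosen for illustration.

```python
import re

# Characters commonly swapped for letters; "l" folds to "i" so 1/l/i/! compare equal.
LEET = str.maketrans("013457@$!l", "oieastasii")
# A password that has appeared in print is burned; this one is the article's example.
PUBLISHED = {"G8D3nti5t!"}

def normalize(text):
    """Lower-case, undo common character swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def check_password(password, personal_terms, min_length=10):
    """Return a list of policy problems; an empty list means the password passes.

    personal_terms: the user's own name and the practice name (constructed samples).
    min_length: an assumed policy value, not taken from the article.
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = {
        "lowercase": r"[a-z]", "uppercase": r"[A-Z]",
        "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    if password in PUBLISHED:
        problems.append("published password")
    folded = normalize(password)
    for term in personal_terms:
        key = normalize(term)
        # Ignore very short terms so they do not match by accident.
        if len(key) >= 3 and key in folded:
            problems.append("contains personal term: " + term)
    return problems

if __name__ == "__main__":
    terms = ["Miller", "Lakeside"]  # constructed sample names
    for candidate in ["M1ll3r#2024", "G8D3nti5t!", "Lak3s1de!", "tr0ub4dor&Canoe7"]:
        print(candidate, "->", check_password(candidate, terms) or "ok")
```

A name disguised with digit swaps, such as "M1ll3r#2024", satisfies the character-mix rule but is still rejected because it folds back to the user's name.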
3. Keep up to keep safe.
Operating systems and applications, especially browsers, must be patched continually to protect against new threats. Keep up-to-date with updates for the software you rely on most.
4. Protect yourself from viruses your autoclave can’t kill.
Well, that might not be true. Super-heating your hard drive until it melts will destroy a computer virus, but that will get expensive. Antivirus software on every computer is a must, and each computer must have regular updates to its antivirus software. A quick check of your antivirus software will tell you when your protection was last updated and when the last full scan was completed. Been a while for either one? Turn on your software’s automatic update feature and adjust the automatic scan schedule.
5. Wireless good!
Unsecured wireless bad! We all love free Internet access while we wait for coffee, our dinner and an oil change. And yes, your patients will love you for it, too. However, leaving your Wi-Fi open for all to use puts you at risk. Configuring your wireless router so it doesn’t openly broadcast your Wi-Fi network for all to see will require a little work on your part. Plus, you will have to provide patients with the exact Wi-Fi network name and password you’ve chosen. That, however, is a small price to pay to keep lurkers in the parking lot and the next-door beauty salons from stealing your wireless network and slowing your Internet access speed to a crawl.
6. Speaking of Wi-Fi…Wi-Fi for you, Wi-Fi for them.
If your practice is thinking of deploying wireless networking for your patients and your business use, guess what? You need two Wi-Fi networks—one for your patients’ use and a separate, isolated and secured Wi-Fi network for your business data. Don’t mix them or you could open the door to unauthorized access of your business systems. You can configure most quality wireless routers to create two networks to keep business and patient wireless traffic completely separated.
7. A firewall around your practice won’t burn patients.
Just the opposite—you’ll protect the sensitive information they’ve entrusted you with. A network firewall will act as a flaming drawbridge to your practice’s network, letting in the good and keeping your network out of reach from Internet nasties. But it has to be configured correctly. Don’t have a firewall? Get one ASAP. Otherwise, your network could become the next playground for hackers and malicious software that prey on unprotected networks.
8. Filter your water and the Internet.
Most firewalls provide some level of Internet content filtering. That puts you in control of what your patients and staff can access while on the Net. X-rated photos and videos are not the sort of things you want your network used for. There have been cases where unsecured networks have been used to access illegal content and the networks’ owners were blamed. Internet filtering will also block malware (think robotic software that scurries around your network letting in hackers and doing damage) and questionable websites that are known to contain dangerous software. Internet filtering, just like antivirus software, is continually updated to protect from ever-evolving threats.
9. Email. You’ve got risk!
Be suspicious and only open emails from sources you trust. You would not open your door to a questionable stranger. Don’t open emails, click on links or open attachments from sources you’re not comfortable with. One simple click can open your PC and network up to malware (remember these?) attacks.
10. Data never dies.
Are you ready to donate that old PC or sell it on eBay? Are you sure you aren’t handing a stranger your patients’ sensitive data, credit card information and your financials? It is amazing what can be recovered from a hard drive because (newsflash!) deleting a file does not make the data vanish completely. With a little know-how, files and data can be recovered from discarded or repurposed drives. Use a reputable disposal and recycling service that will electronically, or physically, shred your hard drives.