Get protected, simply and easily
From phishing scams that launch ransomware attacks to fraudulent emails that redirect financial funds, keeping your dental practice — and your reputation — secure from today’s threats can be overwhelming.
Yet not prioritizing cyber security or believing a cyber attack won’t happen to you are the worst things you can do.
And your professional peers would most likely agree. Recent data shows that 82% of healthcare organizations believe that digital security is a top concern. But simply deploying antivirus software and a firewall is not going to deliver the advanced defence you need to fight today’s cyber crime tactics. In fact, more than 50% of the healthcare industry scores lower than a C grade in security.
The reality is that the right combination of tools and best practices will help you put a strong and resilient security defense into place.
Identify, protect, detect, respond, recover
The best place to start is by assessing what’s at stake and where the cyber security risks may exist in your network and operations. Do you understand the threats that may be targeting your dental practice right now? Have you identified the cyber risks that may lead to unauthorized access to your operations?
To help you start building a safer dental practice, let’s look at the National Institute of Standards and Technology (NIST) and its cyber security framework. Each day, our team of cyber analysts and experts at Field Effect helps businesses and organizations implement best cyber security practices using the NIST framework as a guideline (we had a hand in shaping several national-level cyber security policies, including Canada’s Cyber Security Strategy).
This year, more than 50% of U.S. businesses will be using the NIST cyber security framework as a guideline to secure their operations. The NIST framework document, downloaded more than half a million times since its publication in 2014, outlines industry standards and best practices for cyber security in an effort to help organizations understand, manage and reduce their risks through customized security measures and cyber attack response and recovery strategies.
With the five elements of NIST’s cyber security framework in mind — identify, protect, detect, respond, and recover — here are a few tips to help you start securing your dental practice.
Identify your risks
It starts with visibility. With full visibility across the data, devices, computers, systems, and applications within your network, you can assess your risks and just how exposed your practice is to a cyber threat.
Identifying and assessing the risks that could impact your business are smart elements of a proactive cyber security plan. Doing a security assessment, something our Field Effect team provides free-of-charge, is a good place to start and will provide an in-depth look at your network and its behavior and identify weaknesses, vulnerabilities, emerging threats, and anything else that could lead to unauthorized access and, worse, a cyber attack.
Monitoring is another critical piece. Continual monitoring of your entire network for threats, vulnerabilities, and suspicious activity, using advanced threat monitoring and detection technology, is a must-do — and will also keep you in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its Security Rule for dental offices. Our Field Effect Covalence threat monitoring solution provides comprehensive 24/7 monitoring with actionable alerts that can be set up in just 15 minutes.
Remember, just as prevention is fundamental in dentistry, it also applies to cyber security. Research shows that 16% of small and mid-size enterprises (SMEs) admitted they had only reviewed their cyber security posture after they were hit by an attack.
Protect your business
Put security safeguards and protection in place and start by educating and training employees about best security practices.
A Brigham Research study, with support from Harvard Clinical and Translational Science Center, simulated email phishing tests on employees to evaluate the impact of cyber security awareness training. Through 95 simulated phishing campaigns that produced nearly three million emails, only 14% of employees clicked on the malicious links — showing an increase in employee awareness, lower click rates, and the value behind employee training.
Use strong and unique passwords and follow guidelines for safe passwords (hint: the longer the better with a mix of letters, numbers and symbols).
Secure your network with strong multi-layered security, including antivirus, a firewall, and other web protection. If one layer of security is compromised, your additional layers will ensure data stays protected. Update your software and applications regularly to reduce the risk of cyber criminals taking advantage of vulnerabilities in outdated software versions. And always back up your network data using automated backup and recovery software to keep it safe and accessible.
Detect new risks and threats
The ability to identify and detect weaknesses, vulnerabilities, and potential threats is a powerful weapon against cyber attacks, yet a recent study shows that half of SMEs are struggling to detect incidents. Other data revealed that more than two-thirds (69%) of SMEs haven’t documented or identified cyber security threats.
Automated, 24/7 monitoring of your network provides multiple advantages to building safer businesses. It will help you stay ahead of the threats and risks that exist in your network, but also identify where you need to invest in security measures. Our Covalence threat monitoring solution provides sophisticated, purpose-built monitoring capabilities, as well as automated alerts and summaries that prioritize immediate risks and measures that may be needed down the road, allowing you to better plan and budget cyber security. We call these AROs — Actions, Recommendations, or Observations — and they help businesses just like yours continually improve their security health. The best news is that Covalence is designed to be simple to use and manage, providing threat information you can easily understand and take action on.
Respond to threats
Dental practices must have the ability to respond to cyber incidents and minimize the impact to their operations.
Many small businesses are too busy to tackle cyber security planning, and this includes ensuring they have steps in place to respond to a threat — or what the cyber security industry calls “incident response” — but this one step can help you get back into operation sooner, save your reputation, and avoid or reduce HIPAA fines.
More than 1,000 SMEs were surveyed last year about incident response and nearly half, 48%, said they have no response plan for a cyber incident. Would you know what to do if you suspect someone has unauthorized access to your systems, and potentially your data?
Recover from an attack
Effective recovery from a cyber attack is critical to restore your capabilities and any services impacted. There must be a plan in place to coordinate the activities required — including recovery of systems and data, and investigation into the attack and breach to understand how the attack happened and to help improve security in the future.
If you don’t have a recovery plan in place or don’t realize the steps to take, you’re not alone — data shows that 43% of SMEs do not have a recovery plan for a cyber security incident.
Communications to patients and other third parties must also be part of your plan, especially if patient appointments should be cancelled or if personally identifiable information was compromised. Keep in mind that according to HIPAA’s breach notification rule, dentists are required to give notification when a breach has occurred that affects patient health information.
It’s important to know and follow the right steps for recovery following a cyber attack — and equally critical to understand how the attack happened so you can prevent another attack in the future.
Start securing your practice today with a free cyber security assessment
There is no time to waste. Data breaches in dentistry aren’t going away any time soon. Fortunately, there are ways to fight back.
Prevention is your best defence. We can help. Easily. Simply.
Contact our cyber security experts today for a free 30-minute security assessment and start identifying your risks.