“Never invite a vampire into your home, you silly boy. It renders you powerless!”
Kudos if you recognized this line from “The Lost Boys”. You might be asking what a quote from a 1987 vampire movie has to do with cybersecurity. Your practice’s greatest vulnerability is the way in which your staff uses their computers and the tasks they choose to perform on them.
In the I.T. world, tactics aimed at exploiting humans are referred to as social engineering, which includes baiting, phishing, spear phishing, and pretexting. These “vampire” tactics are designed to intrigue, attract, entice, and even scare employees into extending an “invitation” through actions like clicks, visits, and shares. If an invitation is extended, the virus is welcomed into your practice, rendering the vast majority of your network security tools powerless to protect you.
A trained, cyber-aware staff is your best defense against these types of threats - or "vampires." Training should include the creation and review of an Acceptable Software Policy, as well as an Acceptable Use Policy.
Your Acceptable Software Policy is simply a documented list of software that you, as the business owner, have approved to be on your network. This list should be specific and include any software needed to perform office duties and tasks - things like practice management software, imaging software, even office products like Word and Excel.
Things like games, file sharing applications, toolbars, and coupon printers should be excluded from this list and thus from any computer on your network.
You can search the Internet for sample Acceptable Use Policies to get you started. Here are 3 specific items that should be included in your Acceptable Use Policy:
- Do not check personal email using practice property
- Do not visit personal social media sites using practice property
- Do not log in to personal online banking accounts using practice property
Be extremely cautious of links and attachments in emails, sensationalized posts or offers in your social media feeds, and phone calls from “companies” wanting remote access to clean up a virus or speed up your computer. When in doubt, defer to your chosen I.T. partner.
If you’d like our help implementing HIPAA in your dental practice, we’ve created a short Cybersecurity Awareness Training Program specifically for dental teams. Join our online HIPAA community for dentists at bitesizehipaa.com. Explore and learn for 60 days on us! Give us a little bit of your time and we’ll teach you about the HIPAA law, why it exists, and how – if done right – you can protect your patients and your practice from the very real threats that inherently exist in today’s dentistry.