5 Things You May Be Doing Wrong In Your Practice
Many small- and mid-sized practices struggle to protect their patient data, often neglecting a critical component in their security strategy. If your medical practice still follows one or more of these bad security practices, correct them as soon as possible. As always, Tier3MD is here to help!
Having open wireless networks
I see this often. It is the one password that rarely gets changed. With just one main internet line and a couple of wireless routers, an entire office can get online. A wireless internet connection saves money, but there’s a risk that it might be unsecured. Do you remember the last time you changed your wireless password? Have you had any “at risk” employees leave since you last changed it?
Plugging in a wireless router and creating a basic network is not enough to secure that network. If you have an open network, anyone within range can connect. With simple tools and technical know-how, cybercriminals can capture incoming and outgoing data, and even attack the network and all devices connected to it.
Ensure that all wireless networks in the practice are secured with very strong passwords. Many internet service providers that install hardware when setting up networks just use an easy-to-guess password for the router. Change this password immediately to minimize the risk of unauthorized users gaining access to your network. Make a schedule to change it on a regular basis.
Do you have unsecured email?
Please don’t tell me that you still use AOL in your practice! Every time I see an AOL or Hotmail email come through I cringe! If you have implemented a new email system, like Office365, in the past couple of years, you are most likely secure. This is especially true if you use cloud-based platforms or well-known email systems like Microsoft Exchange, which offer enhanced security and scanning.
The practices that are at risk are those using older systems like Post Office Protocol (POP3) or systems that don’t encrypt passwords (also known as “clear passwords”). If your system doesn’t support encryption, anyone with the right tools can compromise your network and steal your patient data.
Having unsecured mobile devices attached to your network
Do you have a BYOD (Bring Your Own Device) policy? Some practices allow employees to hook their phones up to the wireless network, or use their personal computers. Mobile devices help you stay connected and productive while out of the office. However, if you use your tablet or smartphone to connect to office systems without proper security measures in place, you run the risk of compromising your networks.
Imagine you have linked your work email to your smartphone but don’t have a password enabled. If the device goes missing, anyone who picks it up can have access to your email and your sensitive information. The same applies if you install a malicious mobile app. If you use this same device to connect to your company’s network, the malware will spread across your systems and disrupt your business operations.
Ensure that employee devices have adequate security, such as passcodes, and your company has sufficient security policies in place to regulate their use. Lastly, implement mobile device management solutions to prevent employee devices from being a security risk to your network.
Not maintaining your anti-spyware and anti-malware software
This should be automatic from your Managed Service Provider (MSP). Anti-malware software needs to be properly installed and maintained if it is going to stand a chance of keeping your systems secure.
If your anti-malware scans are scheduled during business hours, some employees may just turn the scanner off because it slows down their computers. This makes your systems vulnerable to malware.
The same goes for not updating your anti-malware software regularly. Updates are important for anti-malware applications because they deliver new databases that contain recently discovered threats and fixes.
Not having proper firewalls
Please do not mistake the router you get from your internet service provider for a secure firewall. A firewall is a network security tool that filters incoming and outgoing network traffic and protects data from being accessed from outside the network. While many modems or routers include firewalls, they are often not powerful enough for business use.
Get a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner, like a managed IT services provider, to be most effective.
How you can ensure proper business security
The best way to secure business systems and networks is to work with an IT partner like us. Our managed services can help you set up cybersecurity measures and ensure that they are managed properly. Tech peace of mind means you can focus on growing your business. Contact us today to learn more.