The best way to keep your network safe is really very simple: educating and training your staff. You can spend thousands of dollars on the best software out there, but unless your staff is educated and trained, you will be at risk.
What to train them on
- Recognizing phishing schemes. These usually show up in the form of emails or pop-up windows. They are made to look exactly like a reputable bank or business, and they are almost perfect. Just remember: a bank, PayPal, etc. will not send you an email asking you to log in and update your personal information. Any time you receive an email, tweet, pop-up window, etc. asking for personal information, be suspicious. Any time they want you to “click here”, be suspicious. It never really happens that way.
- Make sure your PC is up to date with the latest virus definitions, and that it scans each night. A lot of my clients like to shut their PCs down at night, and I highly suggest you don’t. Night is a good time to scan your PC for viruses and malware, because a scan running while you are working will slow you down. Many times our helpdesk will get a call that a PC is very slow, and after a little investigation we find out a virus scan kicked off at noon. In addition, Microsoft puts out critical updates on Tuesday nights, and you certainly don’t want to miss those. Don’t be afraid to leave your PC on.
- Have good policies in place, and train the staff on what those policies are. Having a good password policy is not only a HIPAA requirement, it’s a great way to protect your PC as well as your individual login. A little tip I give users to help them stay secure yet remember their passwords is to use numbers in place of letters. For example: an “E” can be a “3”, an “L” can be a “1”, and an “I” can be a “!”. The word LinkedIn would be: 1!nk3d1n. No one is going to guess that!
- Remember to train new employees! I’ve seen this over and over: the staff gets trained once per year, and new employees get only a quick overview of the important aspects of protecting patients. Remember to thoroughly train new staff not only on the policies of the practice and HIPAA, but on cyber security and keeping their computers safe.
- Back up your work. No one is perfect. People will make mistakes, and it is very hard on an employee to carry the weight of having brought down the network because of their mistake. We certainly don’t want to put anyone in that position. If you have a good backup, your practice could be back up and running in no time. Your IT department can help protect your users by making sure backups are performed regularly and tested daily to confirm they actually work.
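To make the phishing cues in the first item concrete for the IT staff who write those memos, here is an added example (not from the original post) that scans one raw email for the signs described above: a display name that claims a brand the sender's domain does not match, a subject that asks you to update personal information, a generic “click here” link, link text that shows one site while the link goes somewhere else, and links to a bare IP address. The sample message, the look-alike domain and the IMPERSONATED list are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
IMPERSONATED = ("paypal", "microsoft", "bank")  # names staff are told to be suspicious of
# Constructed sample message, not a real one; the look-alike domain is made up.
SAMPLE = """From: "PayPal Support" <alerts@paypa1-secure.example>
Subject: Please update your personal information
Content-Type: text/html

<p>Your account is on hold. <a href="http://paypa1-secure.example/login">Click here</a>
to log in and confirm your details, or visit
<a href="http://192.0.2.10/verify">https://www.paypal.com/account</a>.</p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):  # collects (visible text, href) for every <a> in the body
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def phishing_cues(raw):
    """Return human-readable warning signs found in one raw email."""
    msg, cues = message_from_string(raw), []
    name, addr = parseaddr(msg["From"])
    domain = addr.rsplit("@", 1)[-1].lower()
    if any(b in name.lower() and b not in domain for b in IMPERSONATED):
        cues.append(f"display name '{name}' but the sender domain is {domain}")
    if re.search(r"(update|confirm|verify).*(personal|account|details)", msg["Subject"] or "", re.I):
        cues.append("subject asks you to update or confirm account details")
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # single-part body, so the payload is the HTML string
    for text, href in parser.links:
        host = urlparse(href).hostname or ""
        if re.fullmatch(r"click here|log ?in", text, re.I):
            cues.append(f"generic '{text}' link that really goes to {host}")
        elif text.startswith("http") and urlparse(text).hostname != host:
            cues.append(f"link text shows {urlparse(text).hostname} but goes to {host}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            cues.append(f"link points at a bare IP address ({host})")
    return cues
```

Running `phishing_cues(SAMPLE)` returns five cues for the constructed message, and an ordinary internal email with matching link text and sender domain returns none.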
Training your employees is one of the most important ways to keep your network safe. Remember, your staff is medical, not technical. They just need to understand how to protect themselves. They don’t keep up on the latest viruses; the IT staff does. Have IT send out memos about new threats and what to watch for, and help the staff recognize strange behavior and what a phishing scheme looks like. Utilize your IT staff for help. It really is the best way to keep your network safe.