Do you know if your employees are keeping your data safe? In any Practice, big or small, employees can be your biggest IT threat, and they might not even realize it. Practices already face countless cyberthreats, like data breaches, ransomware attacks, cyber-attacks, online viruses and malicious e-mails. But despite all these outside threats, the real problem can come from the inside…your own employees. Because of the amount of trust you have for them, they would be the last people you would think could damage your practice. Believe me, it is not intentional!
Your Employees are Dangerous!
One of the biggest threats to your Practice’s security is simply a lack of awareness on the part of your employees. It comes down to this: your employees just aren’t aware of current threats or how to safely navigate e-mails and the web. They might not be aware when they connect to an unsecured WiFi network or if they’re using a firewall. They may be haphazard in all things IT. There are a lot of variables.
Your best defense, in this case, is training and education. Get all of your employees on the same page. Look at your current training and find the gaps or start putting together training if you don’t have it. You want a training program that covers all your bases and gives your employees the knowledge and tools they need to keep themselves and your practice secure.
(Don’t know where to begin? Work with professional IT specialists, like Tier3MD. We know what your employees NEED to know!)
Another major security threat is phishing e-mails. On any given day, you and your employees can be on the receiving end of dozens, if not hundreds, of fraudulent e-mails. Data from Symantec shows that 71% of targeted cyber-attacks stem from phishing e-mails. While awareness regarding phishing scams is better than ever, it’s still far from perfect. And it doesn’t help that phishing e-mails have gotten more advanced.
Phishing e-mails are typically disguised as messages from a legitimate source, such as a colleague, a bank or an online retailer. They try to trick recipients into clicking a link or opening a file (which you should NEVER do if you are not 100% sure about the source). But there are easy ways to identify scam e-mails:
- They’re impersonal. They may be addressed to “customer,” “to whom it may concern” or “my friend.” But be careful – sometimes they are addressed properly and use your name.
- They’re full of spelling and grammar errors. Not every phishing e-mail will have these errors, but it’s good to read e-mails word for word rather than just glancing over them. Unusual errors often mean a scam is lurking.
- The “from” e-mail address is unfamiliar. This is one of the easiest ways to pinpoint a scam e-mail. Look at the sender, and if the address is filled with numbers, letters, misspelled words or is weirdly long, there’s a good chance it’s from a scammer.
Contact Tier3MD to have them test your employees!
The other major issue facing your Practice is your employees connecting to unsecured WiFi hot spots. It is such an easy mistake to make. Whether it’s a remote employee or an employee working during lunch at a corner café, you never know when they might connect to unsecured WiFi (it doesn’t help that it’s everywhere these days). One Spiceworks study found that upward of 61% of employees connect to unsecured public WiFi while working remotely.
The problem is, you never know who is watching or if the public WiFi is really the network you intend to connect to. Hackers can easily set up a “fake” network to divert traffic to their hot spot to circulate malware and steal data.
Another WiFi threat might be right at home. If you have employees who work from home, you need to make sure their home WiFi connection is secure. Too often, homeowners leave their WiFi wide-open because it’s home. They think no one’s going to sneak onto their WiFi or they keep it unsecure because it’s easier to connect a lot of devices.
While it might be easier to connect to, it can cause huge problems. For one, WiFi signals can reach hundreds of feet. It’s easy to sit outside of an apartment or out on the street and find dozens of WiFi signals. If any of these signals are unsecure, a hacker can sit outside undisturbed and go to work accessing data and planting malware.
It all comes back to this: Work with your employees to establish IT best practices. Educate them on threats and how to protect themselves and your company. Help them develop a positive IT security mindset at the office, at home or anywhere they work, whether they’re using company equipment or their own.
Don’t know where to start? Don’t worry – one phone call and we can help get you started. Don’t wait. Let’s secure your Practice today.
Sheryl Cherico is the CEO of Tier3MD, and Discovery Computers and Forensics.