ALLOCATE RESPONSIBILITIES IN YOUR DENTAL PRACTICE
As with any business activity, in computer security it’s crucial to identify what must be done and who will do it. Overall responsibility should rest with a senior manager who has a broad view of all the risks and how to tackle them.
Other individuals can handle particular aspects – for instance, installing security software. Management should identify the information and technology that’s really vital to the business, where the big risks lie.
For example, damage to your dental practices financial or clinical system, or the loss of your dental patient list, could lead to the failure of the business.
Other information may be less important. Equally, some computers are probably more critical, or more vulnerable, than others.
Identifying the risks, then establishing what security measures already exist and whether they work, and what extra ones are required, will help you to target your security efforts where they are most needed in your dental practice.
PROTECT YOUR COMPUTERS AND NETWORK IN YOUR DENTAL PRACTICE
Malicious activity could come from outside or inside your dental practice. Attacks from outside, for example by troublemaking hackers or competitors, can be protected against by installing a firewall.
This is software or hardware which examines all the computer communications flowing in and out of the business, and decides whether it’s safe to let them through. It can also be used to manage your staff’s internet activity, for instance by blocking access to chat sites where employees might encounter security risks.
You can set up (configure) the firewall to allow or prevent certain kinds of activity. There are several different kinds of firewall. The router supplied by your Internet service provider (ISP) may already have one built-in, or you can buy a software firewall solution. Protecting against illicit activity from inside the dental practice requires other precautions we’ll look at elsewhere in this supplement. All of these also provide extra protection against attacks from outside.
KEEP YOUR COMPUTERS AND DEVICES UP TO DATE IN YOUR DENTAL PRACTICE
Suppliers of PCs, software, and operating systems such as Windows frequently issue software updates (patches) to fix minor problems (bugs) or improve security. It’s essential to keep all your computers in your dental practice and other devices up-to-date with the latest patches. Normally, they can be downloaded and installed automatically. Remember that just one vulnerable computer puts all the others at risk. It’s important to ensure that all available patches are applied to all of them.
CONTROL EMPLOYEE ACCESS TO COMPUTERS AND DOCUMENTS IN YOUR DENTAL PRACTICE
Although your computers should be guarded by a firewall, you should still protect user accounts (each person’s ‘identity’ with which they log on to a computer) and sensitive documents with passwords. Because each individual should have a unique user name and a password, access to different parts of your IT can be limited to certain people. (Some individuals may have more than one user name and password, perhaps if they have multiple roles.)
This not only protects against accidental or intentional damage by staff to systems and information, it also provides further security against outside intrusions. To achieve this, you can use security options built in to operating systems such as Windows, or you can buy specialised software online.
Because you identified your biggest security risks and most vital information in Step 1, you can decide whether password control for a given item should be basic (for instance, one password authorising access to an entire computer) or stronger (each document or application requiring a separate password).
Some individuals designated as computer administrators (admins) may be given access to nearly everything, in order to perform technical work. You should keep the number of admins to a minimum. Security software will usually generate records showing which employees have used particular computers or documents at different times. This can be useful for pinpointing problems, but access to these records should, of course, be tightly limited – otherwise, people misusing the system could alter them to cover their tracks.
PROTECT AGAINST VIRUSES IN YOUR DENTAL PRACTICE
Malicious software or ‘malware’ (a category including viruses, Trojans and spyware) may not always be as devastating as the headlines suggest, but can still slow down your systems dramatically, and passing them on to customers will win you no friends.
Fortunately, there is plenty of protection available. Your computers may have been sold with anti-virus software (the generic term, although most products also protect against other kinds of malware). If not, you can easily buy it. This software regularly scans a computer in search of malware, deleting any that is found. Regular updates to head off new threats are key to anti-virus software. So this is one area where it does pay to stick to the big brand names and to ensure that the software is set to receive updates as regularly as possible (ideally daily).
EXTEND SECURITY BEYOND THE OFFICE OR DENTAL PRACTICE
Today’s employees sometimes work from home or on the road between dental practice sites using their own laptops, phones and tablets. It is difficult to extend the same level of security you can apply to office computers to these devices. But you can reduce risk by requiring any personal equipment used for work is approved. It should have the minimum of anti-virus software, password protection and (where applicable) a firewall.
And to protect against unauthorised access to information when a device is mislaid or stolen, it should be possible to delete all the information (“wipe” it) even when you don’t have the device.
This capability is built into newer models; software can also be bought to perform remote wiping, but this must be installed before the device is lost. Ensuring the sensitive data is kept in an encrypted area (see section 7) of the computer or device will stop most attempts to access data. This is easy to set up using off-the-shelf software. Beware of the dangers when connecting to unencrypted public wifi, as hackers can intercept data. Check the hotspot is genuine and make sure file sharing is off and the firewall is on.
REMEMBER DISKS AND DRIVES TO PROTECT IN YOUR DENTAL PRACTICE
Removable disks and drives such as DVDs and USB sticks pose security risks in two ways. They can introduce malware into your computers, and they can be mislaid when containing sensitive information. Ensure that as far as possible, only disks and drives owned by your dental practice are used with your computers. Discourage employees from using them in third parties’ computers (in Internet cafes for example), and set up anti-malware software to scan them whenever they are used in the office. Establish a routine to track who has possession of each disk or drive at any given time, and check that all documents are erased from them after use.
PLAN FOR THE WORST IN YOUR DENTAL PRACTICE
Following the measures in this guide will help you protect against a major security breach. But no system is 100% secure, so it’s worth planning what you’d do if things went badly wrong. First, define what is ‘major’ for you. Something that puts a non-critical department of the business offline for a couple of hours probably isn’t. But something that prevents you serving customers, or performing vital functions such as payroll, will be.
Establish how you will know that there’s a problem. You shouldn’t have to wait for computers to go down; your firewall or anti-virus software, for example, may provide advance warning that something unusual is going on. Plan your next steps. What help (perhaps a specialist computer company) should you call in? Do you need to contact key dental patients or suppliers to explain that there is a problem? Can some functions be continued using other computers, or pen and paper, while your systems are repaired?
Finally, ensure that it’s clear who is responsible for doing what in an emergency. Your plan can be laid out in a document, and delivered in training sessions. It may incorporate elements of your plans for other disasters, such as a fire on your premises, and cut-down versions can be applied to less damaging computer incidents.
EDUCATE YOUR TEAM ABOUT CYBERSECURITY IN YOUR DENTAL PRACTICE
Tell everyone in the business why security matters, and how they can help, using training sessions and written policy documents. This will encourage them to follow practices such as regular password changes. Most will not have to actively work at security. They’ll simply need to be aware of risks – for example, knowing that they should never click on a web link or attachment in an email from an unfamiliar source.
There are non-technical risks, too. One is social engineering, where hackers try to trick employees into revealing technical details that make your computers vulnerable. For example, a hacker might pretend to work for your computer supplier and claim they need passwords to perform maintenance. The casual atmosphere of social media such as Facebook could be conducive to such deceptions, so employees should be especially wary of discussing your systems and practices on social media.
KEEP RECORDS AND TEST YOUR SECURITY REGULARLY IN YOUR DENTAL PRACTICE
Security is an ongoing process, not a one-off fix. So it’s important to keep clear records. For example, the decision- making in Step 1 of this guide could help you produce a list of all your hardware and software, along with an indication of how secure each item needs to be.
Similarly, records of software patches and lists of authorised personal devices will help build up a picture of your business’s security status, spot potential weak points, and figure out how any problems arose. Good record keeping will also help you regularly test all your security measures, and ensure that you have functioning, up-to-date software. Any business is only as secure as its weakest link, and testing will make sure that no weaknesses are overlooked.
Further Information on Cyber Security Steps for Dentists
For further information and tips on how you can protect yourself online, contact us today!
To keep up to date with everything Samera, please subscribe to our YouTube channel so you never miss any of our video updates!