In honor of “wedding season,” we have a very important invitation for you…We formally invite you to save the dat(a), and keep your practice and patient data protected! Information security is a challenge for businesses of all sizes, which makes many people hesitant to take full advantage of advancing technology due to the potential implications of an information security breach. However, there are several ways to make sure your computers, your business’s data, and your clients’ data, remain secure.
Of course no checklist can 100% guarantee security, but there are best practices that can minimize the risks to your systems and data – here are 9 of them, recommended for dental practices of any size. Better still, these 9 steps can also be applied to any of your personal devices at home!
1. Always Change Your Default Passwords
Vendors provide default usernames and passwords that are freely and easily available on the internet. These literally provide the keys to your systems and data. Just like giving your house keys to a stranger would leave your home vulnerable to break-in, failing to change your default passwords to something custom that only you know, leaves your systems vulnerable to easily being reconfigured or accessed without your knowledge.
2. Do Not Reuse Passwords
Speaking of passwords, it can be tempting to re-use an old standby, but efforts should be made to use a different password for each system you access. If your computer login is the same as your customer database, email, bank account, and Facebook account login, an attacker needs only a single password to access everything. Different passwords will safeguard against this threat.
Having multiple passwords does mean having more to remember, but not to worry! Software utilities, such as “Password Safe” exist to help manage passwords so you can easily keep track.
3. Choose Strong Passwords by Using Passphrases
Creating complex passwords usually means having a minimum length, as well as using a combination of uppercase and lowercase letters, numbers, and symbols/special characters. Even when all those requirements are met, that doesn’t always mean you’re left with a strong password. ? For example, “Passw0rd!” will pass most complexity rules, but is relatively common and easy to guess.
As an alternative, passphrases can be used as memorable, complex passwords that are unique to you and hard to guess. A passphrase is essentially a sentence with some substitution of numbers and symbols for some letters. Substitute a “3” for an “E” or an “@” for an “a” as an example, and it might look like “IL0v3physicalTher@py” or “P@ssphrases4Life!”
4. Protect Your Network & Computers With a Firewall
A firewall is typically a physical device that sits between the internet and your computers to prevent outsiders from getting to your computers and data. However, it can also be software on your computer – either included with the operating system, or purchased from an alternative vendor.
If you have computers that you take home or use at other public locations (hotels, coffee shops, etc.) to perform business functions, ensure that the computer has firewall software ☑️installed, ☑️enabled, and ☑️configured.
5. Protect All Computers/Servers with Antivirus & Anti-Malware Software
Install and regularly update antivirus and anti-malware software on every computer (and server) you and your business use. Nearly every product in this space can be set to automatically check for and install updates – take advantage of this functionality for maximum peace of mind!
6. Physically Protect Devices From Unauthorized Individuals
If someone can physically access your computers and network devices, there is no telling what harm could be done. Ensure your network devices are kept behind locked doors, and that only authorized people have access to the room.
If you’re using a computer in a public space, do not leave it unattended so that someone could attempt to install malicious software and/or hardware. Take your device with you when possible, and when it isn’t, take shifts and use #TheBuddySystem ?
7. Secure Your Wireless Network
If you use wireless (Wi-Fi) in your business (or at home), make sure it is encrypted using the strongest encryption settings available to you and your systems. Currently this is WPA-2, but check with your IT support and/or wireless vendors for suggested settings.
Another way to secure your wireless network? Do not allow customers to use the same wireless network as your business computers. It is very popular to provide customers with internet access while they are waiting. If you choose to provide patients with this extra customer service, be sure these “guests” are provided an SSID (the name of the wireless network you see when you try to connect) which is different and separate from your business computers and data. For example, “DrSmith” vs “DrSmithWiFi_Guest.”
8. Only Use Supported, Regularly Updated Software
Using software that is supported means the vendor ensures that, as any security flaw or other problem is discovered, a patch is developed and applied. Once the software falls off support (i.e., is unsupported), your systems can be left vulnerable as new weaknesses are exposed and remain unpatched.
Software vendors regularly provide updates to fix security problems and add or fix functionality. Ensure all software products capable of getting these updates are configured to do so automatically. For those who do not have this functionality, set a calendar reminder to check with the vendor periodically (e.g., once a month) for any new updates.
This is the same basic function as having your antivirus software update regularly and automatically, only this is for other software such as your operating system and web browser of choice.
9. Implement Basic Security Policies
Policies help reinforce the importance of information security – and, depending on the types of data your business handles, they may even be required. There are hundreds of policies one could devise, but the following may help reduce common risks that could lead to a security breach:
- Removable media policy: Restrict the use of USB drives, external hard disks, thumb drives, and any other writeable media.
- Password policy: Require unique, strong passwords that must be changed periodically.
- Appropriate use policy: Define appropriate computer and internet use, including that only authorized software may be installed on business computers.
- Data handling and retention policy: Define how to handle and protect customer information and other vital data. When the data is no longer needed, define appropriate methods for securely disposing of the data.
If you are uncertain about any of these suggestions, contact our expert teams and we’ll be happy to help answer any questions you may have. We can also connect you with local, dependable IT support through our Preferred Hardware Provider Program.
Do the right thing by your practice, your team, and your patients, and “RSVP” yes when it comes to safeguarding your data.