At the time of this writing, a number of states in the eastern US are in the grip of gas shortages resulting from a cyber attack on a major pipeline. While the situation should resolve by the weekend, it has a great many people asking questions about digital security and best security practices for their businesses.
No industry is immune to or exempt from a cyber attack. Dentists offices are in fact particularly vulnerable, as they are generally small businesses reliant on integrated in-office networks in order to function. Whereas a few decades ago a ransomware attack or other event resulting in the computers being unavailable would have at most cost an office their schedule for the day, now such an attack can remove your ability to make patient notes, operate key equipment, take x-rays, and perform other basic tasks.
So what can you do to protect your office from cyber attacks and otherwise improve your digital security? Digital security for dental offices is a complex question and greatly depends on your situation and needs, but we have some solid foundational ideas for you that will form the core of your business’s best practice.
Let’s start with a fundamental practice: ensuring that all of your software and your operating systems are up to date. Updates can be a real inconvenience in an office setting, particularly when multiple machines or devices are involved, but they’re vital in ensuring that your security is working as it should. Double-check periodically and make sure that everything is updating on schedule.
Another fundamental is having a good backup, which is regularly updated and can be implemented quickly should the worst occur. A good backup requires regular maintenance and testing and thus may require you to hire professional help. However, the potential time and money saved more than justifies the expense, as so many businesses find out too late.
A key rule of thumb in security is the “least access necessary” principle, which in essence says that staff should have the least access necessary to do their jobs well. This may involve ensuring that your in-office server is locked away such that not everyone can access it directly. It may involve giving most users on your network limited privileges. Your IT team can help you with the specifics, but “least access” is a way of limiting the potential for damages, malfeasance, or mistake by ensuring that no one has unnecessary power or privileges within your network. Likewise, when employees leave your office for opportunities elsewhere, ensuring that their login credentials and access are promptly removed may prevent bad things from happening.
Staff training is another must, and for everyone involved. Your staff should know the best practices for using in-office computers and your network. Examples include not checking personal email or social media on company-owned machines, not installing new software without permission, and being wary of downloading files, particularly from unknowing or unsolicited emails. These are all good ways to help keep viruses, ransomware, and other malware from shutting you down and costing you money.
Finally, ensuring that you have good security software in place is a big step. Solid anti-virus and anti-malware protection are a must. Such software should scan incoming downloads and emails, helping to prevent evildoers from infecting your system. A good firewall for your entire network is another key security step, as it will help prevent unauthorized access to your system. Again, larger offices may need professional help with this, but it’s well worth the expense.
The goal of this blog isn’t to instill the fear that a cyber attack is lurking around every digital corner, but rather to raise awareness of the potential hazards and give you some ideas for mitigating them. Digital security is a must for dental practices of every size and employees on every level, so taking a little time to learn more can save a great deal of time, money, and heartache in the long run.
