In 2017, the World Economic Forum survey ranked cybersecurity as the biggest threat to a business. This is a risk deemed more threatening by top businesses than a fiscal crisis, financial bubble bursting and even terrorist attacks. The reason for this? According to the report, as the world grows more connected through technology, so do the threats. And with the number of estimated interconnected devices expected to more than double by 2020, the threat won’t go away anytime soon. The Securities and Exchange Commission says that small businesses are at great risk of attack, and the dental and medical communities are not immune. Just this summer, a Kansas City law firm filed a class action lawsuit against a children’s hospital after the private information of some 60,000 individuals was breached, as part of an email phishing scam that targeted hospital employees.
Here’s what you need to know to keep your practice safe:
Cyber-attacks can come from one of two places. The first is an outside attack, propagated by a malicious hacker from outside your company. This is a person whose goal is usually to take your company or your customer’s hard-earned money. Often an external cyber-attack can come in the form of a non-threatening, or even urgent, email from a supposedly legitimate source. This email will entice whoever has received it to input personal information such as passwords, credit card information, and even personal information, and can put your company and its customer’s security at risk. This kind of attack is called phishing, but it’s not the only cyber vulnerability you have to worry about.
Attacks on your system only require one click to do their dirty work, and that click can come from anywhere. Even an illegitimate website or a scam email, when done by a professional, can trick one into putting their guard down. After that, customer credit cards and identities could be at risk, or a “backdoor” could be created to allow a hacker into your system without a password, and without anyone ever knowing. You can even have access to important files or programs blocked until you pay the hacker if you accidentally install ransomware. And this isn’t the end of external cyber security threats. If you can think of a way a hacker can make money off of you, then hundreds of hackers have already thought of it years before you did. But the biggest threat isn’t external. Much like how the call comes from inside the house at the climax of a horror movie, your biggest cyber-security threat comes from inside your own company.
In a 2016 study on cyber security, IBM found almost 58 percent of attacks came from inside the company. Insiders, of course, may have special permissions or information that makes cyber-attacking easier. Insiders may be able to trick non-malicious employees into revealing their passwords or granting them special access. These risks are only heightened when too many unnecessary employees have access to privileged systems. But you don’t have to have an in-depth knowledge of computer hacking to be a risk, because most insider cyber-attacks are caused by underprepared employees.
Every day, over 4,000 cyber-attacks are attempted on businesses nationwide, and this number is only growing, according to the FBI’s Ransomware Prevention and Response. But for a hacker to get into a computer system, they don’t need intricate knowledge of what they’re looking for. They just need an under-prepared employee. As technology changes quicker and quicker, it becomes harder for many to keep up. Long-time employees who might be used to one system are especially at risk for unsafe practices, such as inadvertent password sharing and inability to recognize or stop a threat.
And this is every hacker’s dream – an employee who, through the best intentions, doesn’t even realize that they’re letting someone into your and your patients’ private information. These disasters can be mitigated, however, with a comprehensive plan.
First, it’s vital that your employees stay up-to-date with the latest cyber-security threats, what they look like and how to avoid them. Teaching employees to recognize suspicious links, keep their passwords private and difficult to figure out, and being able to tell if another employee is suspicious is a must.
Second, an updated security system is your best defense against an outside threat. A general rule of thumb is that hackers will always be up-to-date when it comes to cyber-security systems. This is how they know what to exploit. It’s up to you to stay ahead of the curve so that they don’t have the chance to exploit a weakness. Make sure that all of your computers’ drivers are updated and you have the latest anti-virus and firewall software installed. If you don’t know how to do this yourself, that’s perfectly fine. A reputable and experienced IT professional should be able to properly secure your system in a less than a day.
Finally, it’s important to remember that even the best-laid plans of mice and men often go awry. While training your employees and having a good defense will help in the long run, nothing is 100 percent because cyber-threats are always changing in unpredictable ways. To protect your patients, your assets and your business, a good insurance plan will go a long way.
Any good practice will have insurance for a slew of unpredictable events. If your business is near the water, flood insurance is a must, and on the West Coast, earthquake insurance is a no-brainer. Fire, theft and property damage insurance are all staples for peace of mind and asset protection. So, too, is cyber insurance.
A knowledgeable cyber insurance provider should understand all these pitfalls and the biggest threats to your practice. A good insurance provider will not only give you peace of mind with their expertise, but also with their coverage. Typically, a good cyber insurance policy should cover any legal fees and expenses caused by the cyber-attack, but this is just the beginning of the benefits of cyber insurance. By restoring compromised data or patient identities, a good insurance plan can make it like the attack never happened. Your insurance provider will notify your patients of the data breach and personal information that may have been affected them. This not only saves your company time, but it also saves face. After all, a mismanaged security breach can permanently ruin any company’s reputation, so it is absolutely vital to nip it in the bud quickly and effectively.
A key business strategy is to stay up to date with technology, especially in the medical sector, but as technology increases, so do the threats that come from it. Avoiding a cyber-attack may sound tricky at first – after all, hackers make it their job to stay one step ahead – but with careful planning, it’s possible to minimize the risks. Strong, up-to-date cybersecurity software will help keep hackers on their toes. When it comes to human risks, knowing who you hire, how to spot warning signs and proper training can be even more important than a good firewall.
Nothing is certain, however; and even the most comprehensive strategies are never fully airtight. But, you have a dental practice to oversee. You can’t concern yourself with security breaches all the time, and with a comprehensive insurance plan built by professionals, you can keep your peace of mind knowing that no matter what happens, you’re covered.
Burt C. Szerlip, Certified Insurance Counselor, is president of B.C Szerlip Insurance Agency, Inc., established in 1995 and specializing in all forms of insurance for healthcare providers. With more than 35 years of experience insuring healthcare providers, Burt understands the risk and exposures associated with today’s practicing dentist and through the B.C. Szerlip Insurance Agency, Inc’s large portfolio of the country’s premier insurers, he provides the utmost in affordable insurance protection. Burt Szerlip, President BC Szerlip Insurance Agency Inc., Little Silver, NJ., Phone: 732-842-2020; Email: email@example.com