Donna Hall asks Tracy Pound about the risk of cybercrime and what dentists can do to protect their data…

The threat of cybercrime is very real – a third of
businesses reported cyber-attacks in the past 12 months*. Of those, almost a
half reported at least one breach or attack a month.

It can be tempting to think that only big companies or
organisations are at risk of such crimes, for example the global Wannacry
attack, which affected the NHS, Renault and FedEx in 2017. However, while these
may be the ones widely reported in the media, it is not always on such a large
scale or aimed at these kinds of businesses.

As dental practices hold a lot of personal information,
they can be a very attractive target for cybercriminals. To find out more and
ask for advice on how to mitigate the risk, I spoke to technology expert Tracy
Pound…

Donna Hall (DH): Are smaller businesses, such as dental practices, less likely to face cybercrime?

Tracy
Pound (TP):
No, cybercriminals will look for the route of
least resistance. Just like if you have an alarm at home, criminals will be
deterred from trying to break in, the same goes for cybercrime. If you have no
defence then they will attack and because you are small, they know that you are
less likely to have invested in cyber security measures so you’re a good target
to them.

Small businesses often don’t think of themselves as a
target because they think they have nothing worth stealing. But they do –
intellectual property, names and addresses, they might hold bank details for
customers or patients, and they might have historical information that
cybercriminals can use to impersonate them online.

DH: What can practices do to protect their patients’ data?

TP: Brainstorm
with your team to identify what data you have, where it is stored, who has
access to it and the risk of it being breached.

Put a cyber security strategy in place that answers the
following kinds of questions:

  • What data do we hold?
  • How could our data be breached and what would
    the consequences be?
  • What information is available on our website?
  • How are our electronic patient records secured
    – who has access and why?
  • Are those records backed up, and who has access
    to the back-ups?
  • How are our paper patient records stored? Could
    someone break in and steal them to create online personas and commit cybercrime
    that way?
DH: How critical is bringing in the whole team?

TP: You
have to involve everyone. Cyber security is not a technical issue per se, it’s
a human issue so it needs human beings to solve it – and that means all of your
team.

Educating your staff is key when it comes to protecting
your practice. Your weakest link will let the cybercriminals in and that may
well be human error. Some of the very big hacks on large companies have
actually been done via smaller sub-contractors.

DH: What can you do to stop a data breach?

TP: The
relationship you have with your IT company becomes ever more critical and they
should be recommending some basic control measures. For example, installing
anti-virus and anti-malware software on every machine and developing a Bring
Your Own Device strategy.

If someone is using a mobile phone which has access to the
practice’s emails, they need to be careful about what they are doing with that
device at home, but particularly in public places.

One of the big danger points is WiFi in public places, such
as cafés because anyone can pretend to be any WiFi network. I could set up a WiFi
hotspot on my phone and call it Costa Coffee and then other people in there can
use that network and I can then see all their traffic.

DH: Very interesting. Thanks for such an informative discussion, and plenty of things to think about how to stay safe.

*According to the Government’s Cyber Security Breaches Survey 2019

Get all blogs delivered to your inbox

By subscribing to our blog, you agree to receiving our monthly blog update and newsletter. You can unsubscribe at any time.
The security of your personal data is very important to us and we will never sell your data to other companies. You can read more about how we protect your information and your rights by reading our privacy notice.



First Name




The post Protect your practice from cybercrime appeared first on Practice Plan Blog.

Source link