Cybersecurity: Three Basic Steps to Secure Your Business

With the dawn of the Internet, it’s more important than ever to keep your therapy practice safe from cyberattacks. Implement these three basic steps to help you keep your information safe from prying eyes.

1. Know Your Data
Knowing what kind of data you’re dealing with is the first step to securing your practice from cyberattacks. Know what’s included in your data, where it’s stored and who should have access to it to keep it safe. Sensitive forms of data to keep in consideration are:

-Client credit card transactions

-Client mailing and email lists

-Client health or medical records

-Employee payroll records

-Employee email lists

-Business and personal financial records

-Marketing plans

-Legal, tax and financial correspondence

If your data stayed in one place, it would be easy to secure. But most breaches occur when data moves, so consider where data is legitimately shared to help keep it safe. Some examples would be:

-Financial institutions
-Other providers
-Insurance companies
-Government entities
-Outsourced services or contractors

Even if you have few or no employees, know who has access to sensitive data. Assign rights to specific people for specific data and keep those rights as relevant as possible. The fewer people with access to information, the more secure your practice’s information will be. Keep your data organized by recording its location, so you and your employees will know if something looks out of place.

Health care businesses are especially vulnerable to attacks because they don’t just deal with client information, but also with personal health information and many forms of personally identifiable information.

2. Learn to Recognize Online Fraud
Online fraud is any fraudulent request via an online platform for personal information. This often occurs through email, social media or online messaging. These requests may look like they are initiated by a legitimate business when, in fact, they are not. Let your patients know how you will and won’t ask for personal information so they can recognize fraudulent requests. Here are a few common online fraud tactics you may encounter.

Social Engineering
This tactic involves taking personal or business information posted to social networks, websites and blogs, and using that information to trick you into compromising your data. Those “Learn 30 Things About Your Friends” Facebook posts that ask you to answer silly questions and then share with friends are a perfect example of how easy it is for scammers to gain otherwise sensitive information and then use it to deceive you.

Phishing
Phishing involves dangling a ‘lure’ to gain usernames, and passwords, and other personal identifiers that can be used to access confidential information. Phishing is generally conducted through email, but can take other forms like texting and social media messaging. A common phishing tactic is taking advantage of natural disasters, economic concerns and health scares to gain access to online credentials and financial accounts. Common phishing scams include emails that claim to be from prominent authorities such as the IRS, the police, or even your computer manufacturer.

Malware
Malware is usually downloaded unknowingly when you open email attachments or download items. To protect your practice from malware, don’t download anything from a sender you do not know, and keep firewalls and antivirus software updated on your computers, smartphones and connected devices.

3. Review and Change Passwords Often
Your sensitive data should be protected by password-protected apps, pages and software. Review your password usage and change passwords often. Here are a few ways to keep passwords secure:

Do not use any words at all. Any passwords that consist of words, phrases, or personal information (birthdays or phone numbers) are by far the easiest to crack, and amount to handing your personal information out. Whenever possible, always use a password that contains a string of random numbers and characters.
Store your passwords securely. Online services such as LastPass can be great for this – they can generate secure, random passwords, and then store them for you, so there’s no need to memorize them.
Change your passwords monthly.
Keeping your therapist practice safe takes a little planning, but it doesn’t have to be difficult. With a little extra attention and hard work, you can keep your patient and practice information safe and secure.