3 steps to help your practice avoid ransomware

2018 10 25 23 22 3043 Zlatin Alex 400

Every industry is constantly exposed to scammers and fraudsters. Since the internet has been around, people have attempted to obtain money through various sneaky methods. Who hasn't received an email claiming that a distant relative has passed away and, apparently, left $3.8 million that needs to be claimed? However, scammers' methods have evolved as technology has evolved.

Some of the more recent scams include the following:

Alex Zlatin, CEO of Maxim Software Systems.Alex Zlatin, CEO of Maxim Software Systems.
  • Emails from your "CEO" or company executives who are asking you to send a certain amount of money as they got stuck during their trip
  • Emails from potential job candidates who are sending their resume as a password-protected document
  • Invoice documents that need to be opened right away
  • Emails about a Microsoft Windows issue that now requires you to relinquish control of your computer to the Microsoft Technician to fix
  • Of course, the quick romance invitations

The scammers are getting smarter and have learned how to try to ensure that their victims fall for their offering and click that link or open that document. The email from the CEO uses that concern and brings out an obligation to look into this and assist. The fear of computers being infected is a major reason to just allow the friendly technician to take control of the computers. It is these emotions that get us to open up and trust enough to get scammed.

The introduction of cryptocurrency (such as bitcoin) has created an environment where money is untraceable and online fraudsters are using this method to receive money and hold the user hostage.

In essence, ransomware is a piece of software that encrypts the files on a computer (or network). After encryption, a message appears, saying that the practice will be able to decrypt the files if the fraudsters are sent a few bitcoins. After payment is sent, however, there is no guarantee that the files can be decrypted.

The fact is that, really, it does not matter if a practice is able to decrypt files or not. The fact that patients' data have been exposed is enough for a practice to go through the very unpleasant experience of notifying the regulator, all the patients, and the relevant privacy commissioner. As someone who has assisted four dentists going through this process, I can testify that every practice should make a genuine effort to prevent being a victim of ransomware.

3 steps

So, how can a practice protect itself and its patients? Dental teams can take three basic steps today to ensure their practice is safe.

1. Training

Nothing beats prevention when it comes to scams. A dental team members are professionals in their particular areas, but they are not cybersecurity experts. Making them aware of the variety of scams is the first and most important step toward reducing the chance of getting hit by ransomware. It is imperative to speak with the team constantly and remind them that it is better to not open an email if it looks suspicious.

2.Operating system updates

Operating systems release constant security updates. So, it is important to ensure that all the computers in the practice are updated to the latest release. Scammers will take advantage of older operating systems and utilize all their weaknesses. Updating computers must be one of the regular tasks that are scheduled throughout a practice's processes.

3. Backup

When disaster occurs, a practice should have a clear plan of action that will help it return to normal operation, while minimizing downtime. I recommend backing up digital files on a daily basis. Having said this, not many people test their backup.

Nothing is more frustrating than trying to restore a backup once disaster hits and discovering that it cannot be restored. I tell my clients to make a habit of restoring their backed up data at least once a month. Don't become complacent, as it will be the difference between experiencing two hours of downtime and being down for days, possibly even ending up without data at all.

To decrease the probability of a practice being exposed to ransomware, a team should be trained constantly and consistently; this also includes any temporary staff. In addition, having a tested disaster recovery plan is key to ensuring that downtime is minimized and that a practice can return to normal operation seamlessly.

I have also begun suggesting to my clients that they inquire about cyber insurance. An insurance broker should have advised the purchase of this insurance, but if they have not, I'd recommend working with a more knowledgeable, experienced, and personable insurance broker.

Alex Zlatin is the author of the book Responsible Dental Ownership and is the CEO of dental practice management software company Maxim Software Systems.

The comments and observations expressed herein do not necessarily reflect the opinions of DrBicuspid.com, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.

Page 1 of 546
Next Page