Four Simple, Low-Cost Actions to Uplevel Your Office Security Today
Aug 28, 2018 06:00AM
● By MED Magazine
There was a time when securing the medical office and sensitive data was as simple as putting a lock on the door and a password on the computer. Those days are long gone.
“The world today is a different place and you can’t just leave security in the background anymore, especially in a med situation where you are dealing with private, personal information.” says Lynn Soeth, Manager of Security Service at Fargo-based High Point Networks.
Soeth and her team of “ethical hackers” help businesses improve their cyber security through phishing campaigns and other processes designed to uncover and shore up weak links—whether it is hardware, software, or human-related.
“It is not just about malicious attackers,” says Soeth. “Even something as simple as leaving a computer unlocked in a waiting room and a person clicks a button and gets to where they should not have gotten.”
These days, medical practices and health systems routinely spend thousands of dollars with companies like High Point Networks to find the vulnerabilities and learn how to protect their data. But, as Soeth points out, not all security tactics are expensive. In fact, some of the most important ones cost nothing at all.
“You don’t even have to spend money to make yourself more secure. But you do need to spend time and resources thinking about it,” she says. One place to start is an education class to alert staff to potential dangers. Here are some other tips from Soeth:
Rotate passwords regularly or, better yet, consider using password phrases.
“There are password cracking programs out there now that can crack the typical 8-character password. The only thing that slows them down in the processing speed of the computer,” says Soeth. “When you move to a pass phrase of 15 characters or more, something easy to remember like ‘batteryhorsestaple’, it is going to take much, much longer and may just be too much trouble to try to crack.”
If you have hardware connected to the Internet that doesn’t need to be—such as an Internet-enabled printer—take it off line.
“That is a huge area of vulnerability that many people overlook,” says Soeth.
Don’t use the same password or passphrase for every office user.
“If everyone is using the same password, that is a lot of risk. And what do you do if someone leaves? Do you change the password?” says Soeth,
Establish a two-part authentication for accessing office data.
The Center for Internet Security, a national organization, has established 20 controls for optimal protection against cyber threats. High Point Networks focuses on the top six which, Soeth says, can make a company 85 to 90 percent secure.
“Here in the Midwest, and in medicine especially, the inclination is to trust and to want to help. We want to encourage them to trust but verify,” says Soeth.
Download a list of the 20 security measures (controls) recommended by the Center for Internet Security.