By: Larry Darnell, Director of Strategic Initiatives and Technology, Florida Dental Association
You hear it all the time. This company got hacked. There was another data breach at that bank. Entire government entities have had to shut down because of cybersecurity events.
In the early stages of a cybersecurity event, no one is saying exactly what has happened because, honestly, they likely just discovered something bad has happened. They are not even certain of the scope of the event yet.
I have seen it happen to our local hospital, a local school system and our parent organization, the American Dental Association. It is becoming all too common these days. What you seldom hear is what really happened.
Let me demystify some of these cybersecurity events for you. Most entities fall victim because one user account or email is compromised. I know it sounds crazy, but that is literally all it takes.
Once they have access to one account, the bad actors will work at accessing what data and influence they can from that access and likely gain access to more resources until they have all they need to do what they want with your computer systems.
You need to recognize that the information in your computer systems is way more valuable than you realize. Private health information is considerably more valuable than just basic financial data.
You can often turn the siphon off on financial data loss, but private health information is nearly impossible to pull back.
I know you think the bad guys are after the big companies with more assets and records. Now think about how many patients you have as well as your employees and then all those families with information that can be compromised by just one mistake with a click or one bad sign-in.
Truth is, it is a matter of when, not if, you will experience some sort of cybersecurity event. The key is to truly believe it can happen to you.
Educate the people who work with you and for you to be always aware. Make sure your family knows the risks. I have three daughters. I taught them early and often about the risks of strange emails, phantom texts or Instagram/Messenger Direct Messages. I even caution my 86-year-old mother about the risks now too.
It is almost better not to trust anyone than to be overly trusting and blindly clicking on anything and everything. I can tell you that I personally know of businesses that have been compromised by employees looking for coupons, music lyrics and even just clicking on an advertisement on a legitimate website.
Searching for anything on the Internet carries risk. Pay attention to what you are clicking on. If it can happen to them, it can happen to you. Identify your weakest link. Train them up and educate them about the risks. We can no longer turn a blind eye and just say it won’t happen to us because it is now more likely than ever.
- Report to your information technology (IT) people anything that seems off, out of the ordinary, or questionable. We don’t mind people being overly cautious.
- Ask yourself and others what you would do in the case of a breach of your business or private health data. You must have an action plan.
- Practice what you preach. If you tell your employees, family, etc., one thing, don’t get caught doing the same thing you told them not to do. Doing as I say and not as I do will get your data breached quickly.
- Get cyber liability insurance. It is going to happen. It is better that you and your company are protected when it does. Call FDA Services about our Coalition Cyber Coverage policy.
- Recommend you use credit monitoring services to protect yourself and your business and personal assets from the aftermath of an attack before the attack comes.
- Don’t think there is not a risk on your phone or other devices used outside of your office. Any device connected to you in any way is a risk to your business data. We live in a connected world.
- Think before you click that link, provide that information, or install that app. Ask yourself, what is the worst thing that can happen if I do this?
Beyond the Bite 