What to Consider When Performing a Cyber Security Assessment

A cyber security assessment of your dental practice is much more than a review of your practice software. It’s vital to analyze both technical and non-technical components of your practice on each of the three pillars of cyber security: people, policies, and technology. These sorts of assessments similar to pentesting (or a penetration test) are important, as they check the security of any computer. With confidential data stored, this is something that has to be kept safe and away from unwanted visitors.
Here are some important things to consider.

PEOPLE EMPLOYEE TRAINING AND AWARENESS:
1. Ask scenario-based questions. Applying an office policy to a real-world situation will help assess your employee’s understanding of your practice’s policies and procedures.
2. Simulate “social engineering” attacks (ex. phishing emails). This will prepare employees for the type of attacks they are likely to face, and will make your entire practice more aware of cyber threats and more vigilant when encountering a real attack.
3. Allocate proper time and resources. Training is often given low priority, but is one of the most essential parts of a cyber security infrastructure. It’s important to spend just as much time assessing an employee’s knowledge of policies and procedures.
POLICIES AND PROCEDURES:
1. Review all of your policies and procedures regarding your cyber security. Office policies are often scattered throughout a practice (if they even exist).
2. Tailor your cyber security polices and procedures to your own individual practice. Not all practices are the same, so your policies and procedures should be customized to fit your environment. It is important to balance security with usability so that your employees can function productively without compromising data.
3. Be thorough. Your office cyber security guidelines need to be thorough. Your password management policy should outline how employees should create, update, share, and store their passwords.
TECHNOLOGY:
1. Address Network, Server, and Web Application Vulnerabilities. Does your business use a virtual private server? Using a hosting solution such as VPS from www.hostiserver.com can ensure the highest level of security for your network. Simple “IT Audits” do not assess potential vulnerabilities that many times go undetected.
2. Perform Penetration Tests. While obtaining a list of vulnerabilities within a practice network is helpful, it does not show which practice data is exploitable – penetration testing for IT infrastructure will show which of your vulnerabilities can allow a data breach to occur if you are the target of a cyber attack (not if but when).
3. Do periodic engineering assessments of your network. Networks tend to grow on an “as needed” basis, which causes a “spaghetti effect,” which commonly create security holes and unnoticed vulnerabilities within your system that will have to be located via security testing and fixed to ensure optimum security. Keeping your network diagrams up to date allows you to see a more comprehensive picture, and will help you locate and fortify points of weakness within your system.