A cyber security assessment of your dental practice is much more than a review of your practice software. It’s vital to analyze both technical and non-technical components of your practice on each of the three pillars of cyber security: people, policies, and technology. These sorts of assessments, similar to pentesting (or a penetration test), are important, as they check the security of any computer. Because confidential data is stored on them, these computers have to be kept safe and away from unwanted visitors.
Here are some important things to consider.
PEOPLE (EMPLOYEE TRAINING AND AWARENESS):
1. Ask scenario-based questions. Applying an office policy to a real-world situation will help assess your employees’ understanding of your practice’s policies and procedures.
2. Simulate “social engineering” attacks (ex. phishing emails). This will prepare employees for the type of attacks they are likely to face and will make your entire practice more aware of cyber threats and more vigilant when encountering a real attack.
3. Allocate proper time and resources. Training is often given low priority but is one of the most essential parts of a cyber security infrastructure. It’s important to spend just as much time assessing an employee’s knowledge of policies and procedures.
POLICIES AND PROCEDURES:
1. Review all of your policies and procedures regarding your cyber security. Office policies are often scattered throughout a practice (if they even exist).
2. Tailor your cyber security policies and procedures to your own individual practice. Not all practices are the same, so your policies and procedures should be customized to fit your environment. It is important to balance security with usability so that your employees can function productively without compromising data.
3. Be thorough. Your office cyber security guidelines need to be thorough. Your password management policy should outline how employees should create, update, share, and store their passwords.
TECHNOLOGY:
1. Address Network, Server, and Web Application Vulnerabilities. Does your business use a virtual private server? Using a hosting solution such as VPS from www.hostiserver.com can ensure the highest level of security for your network. Simple “IT Audits” do not assess potential vulnerabilities that often go undetected.
2. Perform Penetration Tests. While obtaining a list of vulnerabilities within a practice network is helpful, it does not show which practice data is exploitable. Penetration testing for IT infrastructure will show which of your vulnerabilities can allow a data breach to occur if you are the target of a cyber attack (not if but when).
3. Do periodic engineering assessments of your network. Networks tend to grow on an “as needed” basis, which causes a “spaghetti effect.” This commonly creates security holes and unnoticed vulnerabilities within your system that will have to be located via security testing and fixed to ensure optimum security. Keeping your network diagrams up to date allows you to see a more comprehensive picture, and will help you locate and fortify points of weakness within your system.
Stuart J. Oberman, Esq.
Stuart J. Oberman is the founder and President of Oberman Law Firm. Mr. Oberman graduated from Urbana University and received his law degree from John Marshall Law School. Mr. Oberman has been practicing law for over 30 years, and before going into private practice, Mr. Oberman was in-house counsel for a Fortune 500 Company.