One of the greatest responsibilities of an IT company/MSP is network security. Dental offices face threats from cyber criminals at an ever-increasing rate. We pride ourselves on being HIPAA experts, and the threats to our clients drive the security options we recommend. Before a client is onboarded, we audit their system to pinpoint any potential weak points in their existing security, offer recommendations, and explain what those components do and why they are necessary. Once a practice has decided to work with us, we provide them with the baseline of our security protocol: an actively managed firewall, backup and disaster recovery hardware and software (to secure their data and provide failover options), anti-virus and anti-ransomware software (proactive option highly recommended), our 24/7 monitoring software, quoting and documentation on any HIPAA pitfalls currently existing in their practice, and a rundown of best practices for their internal SOPs. In previous posts we focused on what we do for our clients and what practices should look for from an IT company; this article outlines some simple steps any office can take to make information security just a little easier for their team.
You'd be surprised how many common information security mistakes in dental practices could be avoided by taking a deep breath, standing up and sitting back down. It is too easy to get caught up in the "drama" of a situation; if offices would step back and consider the situation they are facing, their chances of doing the wrong thing drop dramatically. With alertness, attention and critical thinking, almost all information security issues are avoidable. If (for example) you or an employee are asked to reveal information, consider the request: where is it coming from, and is it solicited or unsolicited? If it is unsolicited, this is very likely a dangerous scenario. However, if the request is solicited but you do not have a contract with the solicitor and are willing to provide names, emails, computer usernames, computer passwords, etc., you should take a minute before you move forward and, if you have an IT company at your disposal, ask them to investigate.
Information security starts with a classic: choose a strong password (read: hard to guess). Far too often we are greeted with existing passwords consisting of names, nicknames, common words, addresses, phone numbers, number replacements like pa55w0rd, and so on. You can take a first step toward securing your practice by implementing passwords that, let's face it, are annoying. Is this article meant to frustrate you? No, but annoying passwords, once implemented, can be managed by password management tools (do your research here as well), which utilize encryption to prevent hacking. When it comes to choosing an annoying password to improve your information security, there are some simple steps to follow:
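The weak patterns named above (names, common words, phone numbers, and number replacements like pa55w0rd) can be checked mechanically. The following is an added example, not part of the original article: the function name `weak_reasons`, the word list, and the sample personal terms are constructed for illustration.

```python
import re

# Constructed sample of common base words; a real check would load a much
# larger dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "dental", "smile", "letmein", "qwerty"}

# Undo typical digit/symbol-for-letter replacements ("pa55w0rd" -> "password").
# Simplification: each character maps to a single letter.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def weak_reasons(password, personal_terms=()):
    """Return the reasons a password is easy to guess (empty list if none).

    personal_terms: names, nicknames, addresses and phone numbers tied to the
    user or practice, supplied by the caller (hypothetical input).
    """
    reasons = []
    lowered = password.lower()
    unleeted = lowered.translate(LEET)
    pw_digits = re.sub(r"\D", "", password)
    pw_letters = re.sub(r"[^a-z]", "", unleeted)

    for word in sorted(COMMON_WORDS):
        if word in lowered:
            reasons.append(f"contains common word '{word}'")
        elif word in unleeted:
            reasons.append(f"number replacement of common word '{word}'")

    for term in personal_terms:
        term_digits = re.sub(r"\D", "", term)
        term_letters = re.sub(r"[^a-z]", "", term.lower())
        # Phone-number style terms are compared digit-for-digit.
        if len(term_digits) >= 4 and term_digits in pw_digits:
            reasons.append(f"contains number from '{term}'")
        elif len(term_letters) >= 3 and term_letters in pw_letters:
            reasons.append(f"contains personal term '{term}'")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("pa55w0rd", "Dr.Nguyen2019", "vK9#tq2Lz!mX8@ry"):
        print(pw, "->", weak_reasons(pw, ["Nguyen", "555-0142"]) or "no match")
```

An empty result only means none of these listed patterns matched; it does not by itself show the password is strong.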
There are a variety of ways to lock workstations, but any solution is better than leaving them open: leaving a workstation accessible is not only a HIPAA violation but also leaves your office vulnerable. Perhaps the simplest form of computer locking is to sign out or to press the Windows key + "L" on your keyboard at the same time. You can also set all computers in your office to lock or log out after a certain period of time (5 minutes?). Look into solutions tied directly to each user within your office (fobs, for example). However, we also highly recommend solutions connected to Active Directory (you can learn more about Active Directory in a previous blog) to ensure information security.
While your IT provider should set you up with a secure network (private, encrypted, hidden) and a public network for your patients, your team can still access the public side. Your team needs to take personal responsibility for ensuring that they are using the private network at all times. Essentially, trust your provider to give you the tools you need, but double-check that your employees are aware of their responsibilities when it comes to information security. From a hardware perspective, whether you have a self-enclosed IT rack or a server room, it is imperative that it is housed in a secure, lockable space. Your server (if you aren't on the cloud) and network components should not be accessible to the general public and ideally would only be accessible to a select few (your "inner circle"). This type of security ensures your practice has another level of protection and is one step closer to HIPAA compliance.
As with your network, there are some simple steps that you and your team can take to ensure information security.
Whether you entrust your IT needs to Darkhorse Tech or another IT company/MSP, keep in touch! Report security warnings from your internet security software; some threats may come up unexpectedly, and it is best to report these to your IT team ASAP. These threats include unsolicited emails, pop-ups and alerts that may show up while on the internet. Information security: one more way to connect with the people you trust the most.
Whether you're just starting out or a well-established organization, Darkhorse Tech has the experience and technology to help get you moving, cut costs, and streamline your operations via unlimited IT support. We are here to help you do what you do best: focus on providing top-notch care and service for patients - not dealing with IT problems, lag time spent talking with technical support, or complicated technological mishaps. Unlimited IT support services help the whole team work efficiently without worrying about significant system issues or constant interruptions.
Our additional security services include:
Contact us anytime if you want to learn more about our dental-specific solutions and unlimited support packages. Our friendly customer service team will get back to you in no time.
Let's get started. Call us today at 800.868.4504
You can schedule an intro meeting online! Find a time on our calendar that works for you.