Whether or not you’ve seen the 1979 psychological horror film When A Stranger Calls, at some point you’ve likely heard this memorable line: “We’ve traced the call and it’s coming from inside the house.” According to the 2017 Threat Monitoring, Detection & Response Report, inadvertent breaches prompted by internal users (employees, vendors, etc.) accounted for 61% of cyberattack incidents.
Phishing scams, spyware, ransomware and malware are the most common types of cyberattacks, and they all in one way or another require you to open the door for them to enter. What happens if you don’t open that door? They likely aren’t coming in!
Here’s what you need to know to ensure that you’re taking the necessary precautions to minimize your office’s vulnerability to attempted cyberattacks.
Be Prepared and Remain Vigilant
What Your Peers Are Reading
Thwarting possible cyber assailants is an ongoing process that demands education on the part of everyone in your office. It’s important to delegate the responsibility of staying up-to-date on current security threats to at least one member of your staff. This team member can then assist others with taking additional measures needed to protect your networks, data and systems as needed. If you’re running a small practice, that responsibility may fall on you.
Regardless of who’s monitoring security for your practice, there are tons of sites and resources dedicated to cybersecurity news and best practices that can keep you in the know. Two of the many we follow are Krebs on Security and VirusTotal, which is a valuable resource for analyzing any suspicious files or URLs that arouse your suspicion.
Another important procedure you should implement is security training for your staff. We are at a point in the evolution of cyberattacks where the safest bet is to adapt an instinctual skepticism in your staff for unsolicited emails (and phone calls and texts) that arouse suspicion. If you’re the recipient of an unsolicited communication (being prompted for sensitive information like usernames, passwords, credit card details, etc., or being asked to download a file or piece of software to your computer), you should refrain from providing any information or downloading anything until the individual responsible in your office for security has had an opportunity to review the situation. Keeping your office protected will require ongoing education, staff training and vigilance on the part of all.
Invest in Password Manager Software