Nurturing Up To Date Email Protocols At Your Clinic
When we hear of a cyber attack against a business, we may assume they were dealing with a bored individual looking for excitement on a home computer.
More often than not, the real culprits are highly organised, motivated and resourced with servers, algorithms and artificial intelligence.
The most common type of personal and professional cybercrime is phishing, with a significant proportion of attacks conducted through email attachments.
Wikipedia describes phishing as social engineering and scams where attackers deceive people into revealing sensitive information or installing malware.
These attacks are often delivered through email spam, attempting to trick an individual into disclosing sensitive information or login credentials.
After infiltrating an account, the fraudster may aim to dupe a business into paying an invoice into the incorrect bank account.
However, for medical practices, a data breach may also mean access to systems containing patient files.
Vulnerabilities From People, Processes & Technology
The prevalence of these attacks underscores the need for all businesses to focus on people, processes and technology that cover the most common vulnerabilities.
Awareness plays a pivotal role in protecting us from the latest methods of email trickery.
Once something looks out of place, do not share personal details or go through with payment.
We can then pause and confirm that we know who we are communicating with, perhaps by checking against an independently verified supplier list or verifying their details through an ABN lookup.
We can independently source the phone number of a company and call, or cross-check the website connected to the email domain by cutting and pasting the details after the @ in the email address.
Although we live in a world of passwords, it is wise to make them long and complex while ensuring they are frequently changed and are distinct for each application.
Most online systems have two-factor authentication, so turning this on adds another layer of security against cybercrime.
Identifying Gaps Beyond The Reception Desk
It’s also crucial to identify any gaps of potential vulnerability in IT security and accounting; for example, checking that the people instructing payments are not the same as those authorising them.
As banks are not liable for mistaken transactions, we may wish to avoid debit cards or bank transfers and instead use a credit card for payments, where possible, to potentially assist in reversing the transaction.
We can also check that the finance and IT services have security practices in place by asking questions about their systems and protocols.
Asking questions is a culture we can also encourage within the workplace, especially by being open to queries where the answer seems obvious, such as ‘Should I open this link?’
Key staff within the medical practice can also keep an eye on Scamwatch, an initiative of the Australian Competition and Consumer Commission (ACCC): https://www.scamwatch.gov.au/
A clear and well-structured protocol that contains such items also provides a starting point for discussing and educating staff on the reasons behind these practices.
Other Questions & Concerns
As secure email protocol is part of the broader area of cyber security, this may lead to other questions and concerns.
Knowing where to start securing data and information in your practice will depend on the systems and technology used and how staff access these platforms.
Nicky Jardine can provide a health check of your current systems and work with an IT company to advise upon changes to existing structures and recommendations for optimising security.
Having over 30 years of experience in the health industry and a decade in practice management, Nicky is adept at assisting practices to implement and update systems and protocols.
Beyond IT companies, Nicky works with various industry professionals to establish a profitable and compliant medical business in rural and urban environments across Australia.
For more information, please email nicky@nickyjardine.com.