Bad habits: we all have them. But that doesn’t mean we can’t overcome them. This is certainly true for network security habits in dental practices. Using unsecured Wi-Fi to handle sensitive data? Not securing your physical server? Not changing your network passwords? Every day that passes where you don’t change these habits is a day you’re putting your practice at increased risk.
Abandoning bad security habits comes down to two overriding goals: keeping up to date on best security practices and having good trusted partners. In my experience at TechCentral, when practices have those two things, everything else falls into place. Of course, building that strong foundation is more easily said than done.
In this article, I’ll identify some specific bad security habits to abandon and some actions you can take to improve security.
Bad habit: Lack of education about best practices surrounding patient data security. Staff members needs to be educated, and so does your IT provider. The right IT provider should be one that has an understanding of the specific requirements in the dental industry both relating to the right dental office technology as well as how to protect your patient data.
Good habit: Use a single-source IT provide that you can trust. Using a trusted IT provider for all of your office technology needs means fewer headaches and less hassle—now and in the future. Having a reliable IT provider is money well spent. It’s better than thinking you can handle it yourself or asking a relative to do it.
Bad habit: Not maintaining physical security at your dental practice. Dental offices have expensive equipment, supplies and even drugs with possible street value, which can make them a target for thieves. Attacks may unfortunately come from external as well as internal sources, resulting in vandalism or stolen data, property and equipment. You’ve worked hard to build your practice, and the last thing you want to worry about is losing it all to one of these threats.
Good habit: Install and maintain a surveillance system. Get a surveillance system that covers all those critical areas you’re concerned about, like entrances, exits and server locations. I recommend that dentists consult an attorney regarding local laws and complying with any specific regulations regarding use of such devices.
Bad habit: Buying consumer-grade firewall. The firewall devices that you can purchase at your local retailer may not be suitable for protecting your patient data. When you don’t employ a robust firewall appliance, you make it easier for hackers to access your valuable protected health information (PHI), transaction data and confidential information databases. Also, their life cycles can be typically shorter, making them more prone to failure.
Good habit: Buying a business-grade firewall. Taking a more comprehensive approach to network security is suggested to help guard against the hidden, sophisticated attacks that can plague your practice without you ever knowing. Having a trusted IT provider can be especially helpful because they can make sure that you are getting the right equipment for your dental practice.
Bad habit: Not staying up to date with your software. Delaying upgrades can increase security gaps and could increase your exposure to security breaches.
Good habit: Staying up to date with your software’s security updates. It is important to install operating system patches as well as updates to your antivirus and firewall protections. In fact, it would be worth the investment to get a total security package that includes website protection and monitoring of data traffic. Again, make sure you get a business-grade firewall and business-grade Wi-Fi.
Bad habit: Not changing your default passwords. Often times Wi-Fi devices, backup devices, firewall devices and server devices come with a default password. Not changing that default password can lead to a security breach where someone can gain access to your surveillance system or control your locks, backup or firewall.
Good habit: Randomizing your passwords. It is important that you change the default password as soon as possible. Randomize your passwords so they aren’t the same for all of your devices but remember to store those passwords in a safe location in case you forget them.
Bad habit: Not having two separate Wi-Fi services, public and private. It seems that some practices are getting lazy about setting up two separate subnets, but it’s essential to network security. You don’t want just anybody getting access to your patient data.
Good habit: Develop a BYOD (bring-your-own-device) policy. Don’t let your patients or employees use their personal mobile devices on the practices network. Your guest Wi-Fi network needs to be just that—a separate network just for outside devices. You simply don’t know whether or not their device has a virus or ransomware that can infiltrate your network.
Bad habit: Not confirming attachments in suspicious emails. You or your employees can click on a harmful link, exposing your network to a virus or ransomware. You and your staff members are on the frontlines of defense, and you need to watch for suspicious links in their emails. For instance, if you get an email about an order that you know you didn’t place, don’t click on that link.
Good habit: Confirm the source before you open the attachment. When in doubt, call the sender and confirm they actually sent that email attachment. It is important that your staff stay vigilant in detecting these potential threats.
Bad habit: Not having your patient data encrypted. A data breach as a result of a stolen or lost hard drive could be devastating to your patients’ security, as well as your practice’s financial stability. In addition to a damaged reputation, you could face financial damage from large fines and lost revenue.
Good habit: Protect your patient data with disk encryption. Encrypting the data at rest with AES 128 or 256-bit encryption can help prevent thieves from reading data from a stolen server or hard drive even if the drive is moved to another machine.
Bad habit: Not having a reliable backup. Have you ever imagined how devastating it would be if you lost all of your practice data—patient records, financial and accounting information, payroll, inventory…everything? No one wants to think that data loss could happen to them, but this nightmare of disaster, hardware failure or stolen data is a potential reality.
Good habit: Have a redundant backup of your patient data. To help protect yourself, you should keep redundant copies of your valuable data in two protected locations. Your data should be stored with AES 25-bit encryption both at your office, such as on a backup appliance, as well as at a protected offsite location, such as in the cloud. If you ever lose your server completely or in part because of disaster or hardware failure, having a hybrid backup will help you recover your practice management data quickly.
Remember, no matter how cutting edge your digital dentistry tools are, without the right supporting infrastructure and security best practices, your business won’t be protected. It’s a lot to consider, and that’s why it’s important to keep in mind the first two rules: stay educated on best practices and choose a reliable IT partner.
Henry Schein TechCentral is a single-source IT provider because they work with several technology manufacturers to provide peace of mind that you’re getting the right equipment and security solutions for your dental environment. By relying on TechCentral to manage these systems, you can focus on what you do best—treating your patients.
Take the first step toward improving your network security by scheduling a free technology assessment performed by a TechCentral professional who will evaluate your networks, servers, firewall, and more. Call 844.206.1228 to schedule your assessment today.
About David Broom
David Broom is Senior Director of Product and Business Development. David has a master’s degree in Information Technology (IT) from the University of Texas in Dallas and has more than 35 years of experience from many global companies such as Hitachi Vantara, Methode Electronics and Acme Brick. In his current role he is responsible for all aspects of the product management team at Henry Schein TechCentral, which identifies the ideal advanced technologies to meet the unique needs of the dental market and ensure that dental offices are using the right IT to be more efficient and effective.