Cyber criminals are studying email correspondences, looking for holes in the way
organizations are currently operating. They’re finding new opportunities to target
vulnerable employers who are now implementing new protocols and procedures.
They’re even baiting curious and anxious employees with phony websites
impersonating healthcare organizations and then inserting malware into their business
network. It is estimated that there are 2,000 coronavirus-related sites created every
day, most of them malicious. These sites are targeting states with high infection rates
to try to steal information and credentials. Fraudulent emails and text messages from
banks or other reputable institutions have become more and more frequent.
As always, a computer network’s greatest cyber vulnerability is its own employees.
Veterinary practice owners must be more vigilant now than ever. Follow these
seven guiding principles to protect you and your business.
1. Review Current IT Policies
Organizations should review their current policies regarding
remote access, even if your clinic remains open with staff
present. Inform employees of the approved technology by
your company and the proper ways to use the technology.
Implement controls for all transfers of funds, regardless of
the size and especially when there has been a change in
a process or procedure. Similarly, remind your employees
not to share personal or business-related confidential
information.
2. Use Strong Passwords
While most clinics are deemed essential and are operating,
many veterinary employees access business email or file
systems at home using personal phones, iPads and other
devices. Ask employees to use more robust passwords now
- not “123456.”
3. Only Visit Reliable Sites
Teach employees to recognize which websites offer
reliable data on the current crisis and ask them to avoid
visiting sites on their work devices that aren’t reputable.
For COVID-19 crisis updates, instruct employees to visit
reputable sites including the AVMA, state VMA, AVMA PLIT,
AVMA LIFE, CDC or WHO sites.
4. Create a Response Plan
It’s important to put together a one-page list of internal and
external contacts necessary post-breach. Include contacts
for law enforcement, all stakeholders – clinic owners,
doctors and staff – your cyber crime insurance broker, a
privacy attorney and a forensic investigator. Timing and
communication post-breach will make or break it for an
organization. This one-page list will be key to coming out
on top.
5. Report Immediately
Cyber crimes aren’t reported to law enforcement at the
same rate other crimes are, but they should be. The FBI’s
Cyber Division works exclusively on these crimes and can
provide increased protection when they are reported.
6. Perform Updates
Security patches should be maintained and updated
regularly on both individual laptops and the clinic’s network.
While simple, this will act as a critical baseline firewall for
the network.
7. Review Your Coverages
Do your policies cover “bring your own” device exposures?
third-party computer systems that may have interruptions
in service? other potential exposures like social
engineering?