Today, veterinary practices are as much of a target for cyber crime as any other business. Cyber criminals across the globe are preying on vulnerable business computer networks.
Cyber criminals study email correspondence, looking for holes in the way organizations are currently operating. They’re finding new opportunities to target employers who are now implementing new protocols and procedures.
They’re even baiting curious and anxious employees with phony websites impersonating healthcare or government organizations and then inserting malware into their business network. Fraudulent emails and text messages from banks or other reputable institutions have become more and more frequent.
As always, a computer network’s greatest cyber vulnerability is the employees. Veterinary practice owners must be more vigilant now than ever. Follow these seven guiding principles to protect you and your practice.
1. Review Current IT Policies
Inform employees of the technology approved by your practice and the proper ways to use it. Implement controls for all transfers of funds, regardless of the size and especially when there has been a change in a process or procedure. Similarly, remind your employees not to share personal or business-related confidential information.
2. Use Strong Passwords
Many veterinary employees access business email or file systems at home using personal phones, iPads and other devices. Ask employees to use more robust passwords — not “123456” — and opt for two-factor authentication, if possible.
3. Only Visit Reliable Sites
Teach employees to recognize which websites offer reliable data and ask them to avoid visiting sites on their work devices that aren’t reputable.
4. Create a Response Plan
It’s important to put together a one-page list of internal and external contacts necessary post-breach. Include contacts for law enforcement, all stakeholders – practice owners, doctors and staff – your cyber crime insurance broker, a privacy attorney and a forensic investigator. Timing and communication post-breach will make or break it for a practice. This one-page list will be key to coming out on top.
5. Report Immediately
Cyber crimes aren’t reported to law enforcement at the same rate other crimes are, but they should be. The FBI’s Cyber Division works exclusively on these crimes and can provide increased protection when they are reported.
6. Perform Updates
Security patches should be maintained and updated regularly on both individual laptops and the practice's network. While simple, this action will help maintain a critical firewall for the network.
7. Review Your Coverages
Do your business insurance policies cover “bring your own” device exposures? third-party computer systems that may have interruptions in service? other potential exposures like social engineering? If they don’t, you may want to consider changing your provider or increasing your coverage.