New Year, New Threats
For more tips and how-to's, visit our tech blog
Every Financial Year, the Australian Cyber Security Centre posts their Cyber Threat report and everyone working in IT nervously bites their nails. For the past few years, the ACSC report has charted a consistent 13% increase in cyber-attacks each year, and through emergent technologies and widespread misinformation this number is projected to climb even sharper in 2023.
ACSC Report 2020-21 | ACSC Report 2021-22
While every opportunity is taken to protect your data, hackers and bad actors have equal resiliency attempting to thwart those defences.
Take a moment to examine your business. Step outside (figurately, it’s way too hot out there) and see your company through the eyes of an opportunistic hacker, scoring yourself on the questions below. Do you see anything that could be leveraged?
1. How often does your medical data get backed up?
2. Do your medical backups save to a second location?
3. When did you last have a test restore done?
Cyber Criminals continue to find unexpected ways to gain access to our systems, one hot topic in the past years has been attacks surrounding world events. From pandemics to hurricanes to the war, unsuspecting people fall for all kinds of scams when distracted by crisis. Many of these scams take the form of social engineering attacks, that play on emotions.
In October, we discussed ‘family impression’ scams, where hackers try to convince people their family members have a new phone number and need money. SMS phishing attempts continue to be on the rise for 2023, and mobile malware is more of a threat than ever. Your phone can absolutely get viruses. Be just as careful downloading apps and visiting websites as you would be on a regular computer.
4. How often are your staff doing cyber security training?
5. How many practice logins use Multi Factor Authentication?
6. How are practice passwords stored?
One solution we’ve been championing (and if you’re security conscious, you’ll be aware of) is Multi-Factor Authentication, or 2FA. Adding a second step of verification to logins is a massive improvement to your overall security and can keep hackers out even if they have your password. For many would-be criminals this has stumped them, but some – emboldened by the challenge – are trying more nefarious ways to get around 2FA for 2023. Make sure you aren’t weakening your own defences by using a shared mobile phone to get multiple users’ 2FA codes or having the codes publicly visible even for the brief time they can be used.
7. How many people have Administrator access, or elevated permissions?
8. How many people share logins?
The dangers of password sharing are well documented, with a heavy majority of attacks succeeding due to weak or shared passwords. Practice Managers – or the managers of any business – should always know who has access to what, and why they need it. In 2023 and beyond, staff should only have access to what they need on a regular basis.
9. What is your policy for installing software updates?
10. Do you have a modern firewall filtering access to and from the internet?
Software and Firmware patches are vital to keeping your devices secure. All too often, unexpected vulnerabilities are found in software and hackers will pay big to exploit them. Thankfully, once the creators become aware of any potential backdoor access, they can patch the issue. Always keep your devices up to date in 2023!
Results
Mostly A’s.
Awesome work! Your security efforts have surely prevented plenty of potential attacks, make sure to keep it up and don’t let your guard down!
Mostly B’s.
Better than most, but still room for improvement. Often simple human error causes the most devastating cyber-attacks. Keep it up and ensure you don’t fall victim to a sophisticated attack.
Mostly C’s.
Certainly, this is the best time to improve your score – Get in touch with us today (or your current IT) and see what can be done for your company to protect against emerging threats. Often small improvements in business processes can pay off with huge benefits to security, though only if your staff are aware of the threats and best procedure to deal with them.
Mostly D’s.
Danger! It’s time to make a change. At a certain point calculating business risk of breach becomes less “if”, more “when”. Make sure you don’t become a statistic in next year’s ACSC report. This year, a primary business goal should be to get your cyber-security and training in order. Health IT can help with this, offering free staff security training for our clients.
Resources
Health IT provides free online security training to our clients and safety resources for download from our website.
To ensure your staff are keeping patient data secure, arrange a security audit by getting in touch today.
For more info and articles, visit our Tech Blog.
Online Security Training
Small companies make up 71% of all data breaches, and 95% of them are caused by human error....
What “Good” Looks Like For a Healthcare Business
What Does "Good" Look Like For a Healthcare Business? For more tips and how-to’s, visit our tech blog Phones...