Best practice IT housekeeping

Did you know that in the UK, one small business is hacked every 19 seconds? How about the fact that there are, on average, 65,000 attempts to hack the systems in small to medium sized businesses every day, 4,500 of which are successful?[i]

These statistics are especially concerning when we think about dental settings and sensitive patient data. Any breaches in patient data can mean big fines from regulatory bodies as well as potential legal action – the last thing that any practice needs.

So how do you keep your IT security up to date and as secure as possible? Here are some tips:

1. Make sure your Windows software is up to date. Software companies release frequent updates to strengthen against potential weaknesses in code that hackers can exploit. If you are not running the most up to date version of your software there’s every chance that a hacker could take advantage of these weaknesses, compromising your systems.

2. Update your antivirus regularly. New computer viruses and malware are being developed all the time, so you need to make sure your systems are able to recognise these threats and defend against them. Out of date antivirus software may not be able to identify new viruses and malware and this can lead to your system being completely shut down and made inaccessible, encrypted against you and the data stolen from your storage if you aren’t careful.

3. Have a solid backup process in place. As a bare minimum you should have both onsite and offsite backup available. Local backup is best for a quicker data restore if required, and offsite back up (e.g. cloud-based) is essential if you want to protect your data as much as possible. It is important that you rotate any backup media, and ensure that you have a minimum history of at least 7 days. Potentially keeping copies on a weekly/monthly rotation is good practice to minimise any potential loss of data.
   
   It’s vital that you monitor and review your backup software every day to guarantee that it is saving the data that you need. Physical hard drives should also be encrypted via Microsoft BitLocker. This means that even in the event of physical theft, these devices cannot be accessed without the encryption key, so it is much more difficult for data to be compromised.

4. Keep your Dental Practice Management Software (DPMS) up to date. It is essential you keep on top of these updates as many of them are designed to enhance the security of your systems. If you fail to upgrade, you are potentially increasing your vulnerability to cyber attack.

5. Be inventive with your passwords and change them regularly. It seems like common sense, but choosing a strong password to protect access to important information is essential. The best type of password is at least 8 characters long, includes a mix of upper and lowercase letters, numbers and symbols such as % and @. You should never tell anyone your passwords, and to be extra safe, it’s a good idea to update passwords around every 90 days – choosing a completely different combination of characters from before.

6. Keep staff alert. Arguably one of the biggest ways that systems become infected is when people fall for phishing emails and other seemingly innocent looking traps. You’ll have likely seen these types of emails before – they are often disguised as emails from sites you use regularly such as Ebay, or even as tax refunds or important messages from your bank. They will always include a link that, if clicked, can infect your computer with a virus or malware.
   
   It’s also worth reiterating that staff shouldn’t use work computers to download personal files or browse unsecure websites. This is another way that viruses and malware can infiltrate defences. If a person does infect a computer and is faced with pay walls or other demands from hackers, it’s essential they contact the police immediately. You will also need to inform the ICO if any data has been compromised.

7. Make sure your router has a firewall. A firewall essentially protects your network from being accessed by outsiders looking to steal any data. Many modern routers have a firewall built in, but it’s vital that you check just in case.

8. Encryption is key. Remote access is very useful, but when data is being sent there’s opportunity for hackers to view it unless it is properly encrypted. Encryption jumbles the data so that it is unreadable when in transit.

At the end of the day, cyber security is becoming more and more important and practices need to be able to defend themselves from any threats. As viruses and malware continue to become more sophisticated, your defences need to advance too in order to keep sensitive data safe.

[i] CSO. UK Cybersecurity Statistics You Need To Know. Link: https://www.csoonline.com/article/3440069/uk-cybersecurity-statistics-you-need-to-know.html [Last accessed November 20].