Not what you want to see flashing across your screen!
Unfortunately, online attacks on consumers and businesses seemingly have become the norm.
We’ve gotten used to dealing with malware. We do our best to protect ourselves from viruses. But now, we’re forced to deal with ransomware?
Where does it end and what will it be next?
When your computer gets hacked and held for ransom, the criminals have locked down your data. And unless you pay up, they won’t release it; at least, that’s their intent.
Fortunately, things don’t always go according to their devious plans. But just the idea of someone taking control of your machine and data is rather disturbing, to say the least.
Just recently, a massive, broad ransomware attack swept across Europe, Asia, and the US. This attack was primarily directed toward businesses. Because of the attack, some businesses were forced to shut down their operations for a while.
Staying safe online and protecting yourself against attacks has become a real challenge; not only for the individual consumer but also for big business and government.
So what can you do?
How can you protect yourself? How can you stay in compliance, when even government agencies get hacked, and data is breached?
While nothing can protect you 100% from getting hacked, there are some best practices that, when followed, greatly minimize your risk.
Best Practices To Follow
- Limit access to computers and software to those who need it.
- Don’t allow computers to be removed from the office and diverted to personal use.
- Take the proper precautions when taking a laptop or tablet offsite, away from the office, to be serviced.
- Password protect access to critical software and equipment.
- Establish user permission levels to what is necessary to do the job.
- Lock access to computers when not in use (even if you just step away for a few minutes).
- Encourage everyone to log out of programs and websites once the work is done. Unless necessary, don’t stay logged in the entire day.
- Encourage everybody to use strong passwords and to update them regularly.
- Provide access to a password manager and insist that it be used.
- Regularly back up your data; ideally, have multiple levels of backups.
- Store your backups in a secure, off-site location. Better yet, utilize a HIPAA-compliant cloud backup service.
- Keep operating systems and all software up to date and current.
- Utilize security software systems, such as firewalls, virus scanners, and security plug-ins.
- Scan your systems for malware or viruses on a set schedule.
- Regularly train your staff on security issues and preventive measures.
- Establish and enforce strict policies regarding personal use of office computers.
- Don’t allow downloading of files or opening of attachments.
- Discuss the possibility of phishing attacks.
- Conduct a risk analysis for potential security and data breaches in your office.
- Correct and update any weak spots discovered during that analysis.
Follow All HIPAA Requirements
In the event your office gets hacked or suffers a data breach, you want to be able to document that you did everything in your power to keep data safe.
If you do telehealth or use email to communicate with patients, make sure you use a HIPAA-compliant platform. Also, be sure to get the appropriate business associate agreements signed.
As I mentioned above, conduct HIPAA compliance audits and have a HIPAA compliance plan in place. And of course, make sure you document that you trained your staff on HIPAA rules.
For more details and information on staying HIPAA compliant, take a look at HIPAA for Professionals, published by HHS.
Take The Necessary Steps
I know, there is a lot to keep track of. However, once you have your security measures in place, they will be fairly easy to maintain.
Take the time to get the technology in your office “up to speed.” Claiming ignorance or lack of time will not save you if something goes wrong.
Getting hacked is no fun!
It could cost you hours, perhaps even days, of lost time and productivity, not to mention the headaches of dealing with the HIPAA fallout and the expense of potential fines.
We’d love to hear from you… tell us what you think.
By Johanna Hofmann, MBA; regular contributor to the NPBusiness blog and author of “Smart Business Planning for Clinicians.”