DARKHORSE TECH

Information Security for Dental Offices – The Basics

One of the greatest responsibilities of an IT company/MSP is network security. Dental offices face threats from cyber criminals at an ever-increasing rate. We pride ourselves on being HIPAA experts, and the threats our clients face also drive the security options we recommend. Before a client is onboarded, we audit their system to pinpoint any potential weak points in their existing security, offer recommendations, and explain what those components do and why they are necessary. Once a practice has decided to work with us, we provide them with the baseline of our security protocol: an actively managed firewall, backup and disaster recovery hardware and software (to secure their data and provide failover options), anti-virus and anti-ransomware software (proactive option highly recommended), our 24/7 monitoring software, quoting and documentation on any HIPAA pitfalls currently existing in their practice, and a rundown of best practices for their internal SOPs. In previous posts we focused on what we do for our clients and what practices should look for from an IT company; this article outlines some simple steps any office can take to make information security just a little easier for their team.

“Common Sense”

 

You’d be surprised how many common information security mistakes in dental practices could be avoided by taking a deep breath, standing up and sitting back down. It is too easy to get caught up in the “drama” of a situation; if offices would step back and consider the situation they are facing, their chances of doing the wrong thing would drop dramatically. By staying alert, attentive and thinking critically, almost all information security issues are avoidable. If (for example) you or an employee are asked to reveal information, consider the request: where is it coming from, and is it solicited or unsolicited? If it is unsolicited, this is very likely a dangerous scenario. However, if the request is solicited but you do not have a contract with the solicitor and are willing to provide names, emails, computer usernames, computer passwords, etc., you should take a minute before you move forward and, if you have an IT company at your disposal, ask them to investigate.

Recommended Policies and Best Practices

Passwords

Information security starts with a classic: choose a strong password, read: hard to guess. Far too often we are greeted with existing passwords consisting of names, nicknames, common words, addresses, phone numbers, number replacements like pa55w0rd and so on. You can take a first step to securing your practice by implementing passwords that, let’s face it, are annoying. Is this article meant to frustrate you? No, but annoying passwords, once implemented, can be managed by password management tools (do your research here as well), which utilize encryption to prevent hacking. When it comes to choosing an annoying password to improve your information security, there are some simple steps to follow:

  1. Long passwords are key – 12-14 characters would be a good place to start
  2. Symbols, numbers, characters and varied capitalization (again, is it annoying? – then it is probably a good password)
  3. Do not use the same password across multiple accounts: your Facebook, email, Instagram, bank account… If I just reminded you of one password, go change them now
  4. Do not share your passwords, there are exceptions (like your IT company) but in general, don’t do it
  5. Change your passwords frequently (every three months is a good rule of thumb)
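The five rules above can be checked mechanically. The following is an added example, not Darkhorse Tech's own tooling: a small Python audit that flags passwords breaking the list's rules, including the "pa55w0rd" number-replacement trick. The denylist, the account names and the sample passwords are all constructed for illustration.

```python
from datetime import date

# Undo the "number replacement" trick the article warns about (pa55w0rd -> password).
LEET = str.maketrans("0134578@$!", "oleastbasi")
# Constructed sample denylist: common words plus office-specific names, street, phone.
DENYLIST = {"password", "dental", "smile", "drjones", "mainstreet", "5551234"}
MIN_LENGTH = 12          # article: 12-14 characters is a good place to start
MAX_AGE_DAYS = 90        # article: change every three months


def findings_for(password, changed_on, today):
    """Return the article's rules that one password breaks."""
    out = []
    if len(password) < MIN_LENGTH:
        out.append("too short")
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    if not all(classes):
        out.append("missing character class")
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    if any(w in lowered or w in normalized for w in DENYLIST):
        out.append("contains guessable word")
    if (today - changed_on).days > MAX_AGE_DAYS:
        out.append("older than three months")
    return out


def audit(vault, today):
    """vault maps account -> (password, date last changed); returns account -> findings."""
    report = {acct: findings_for(pw, changed, today) for acct, (pw, changed) in vault.items()}
    seen = {}
    for acct, (pw, _) in vault.items():
        seen.setdefault(pw, []).append(acct)
    for accts in seen.values():
        if len(accts) > 1:
            for acct in accts:
                report[acct].append("reused on another account")
    return report


# Constructed sample data, not real credentials.
SAMPLE = {
    "email": ("Pa55w0rd!Pa55w0rd", date(2024, 1, 5)),
    "bank": ("Pa55w0rd!Pa55w0rd", date(2024, 5, 20)),
    "practice-software": ("v7#Lq!zR2m@Xw9Tk", date(2024, 5, 1)),
}
REPORT = audit(SAMPLE, today=date(2024, 6, 1))
```

The first sample password is long and mixes every character class, yet it is still flagged because it reduces to a common word once the substitutions are undone.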

Lock Your Workstations

There are a variety of ways to lock workstations, and any solution is better than leaving them open: leaving a workstation accessible is not only a HIPAA violation but also leaves your office vulnerable. Perhaps the simplest form of computer locking is to sign out, or to press the Windows key + “L” on your keyboard at the same time. You can also set all computers in your office to lock or log out after a certain period of time (5 minutes?). Look into solutions tied directly to each user within your office (fobs, for example). However, we also highly recommend solutions connected to Active Directory (you can learn more about Active Directory in a previous blog) to ensure information security.

Secure Your Network 

While your IT provider should set you up with a secure network (private, encrypted, hidden) and a public network for your patients, your team can still access the public side. Your team needs to take personal responsibility for ensuring that they are using the private network at all times. Essentially, trust your provider to give you the tools you need, but double-check that your employees are aware of their responsibilities when it comes to information security. From a hardware perspective, whether you have a self-enclosed IT rack or a server room, it is imperative that your equipment is housed in a secure, lockable space. Your server (if you aren’t on the cloud) and network components should not be accessible to the general public and ideally would only be accessible to a select few (your “inner circle”). This type of security ensures your practice has another level of protection and is one step closer to HIPAA compliance.

Individual Awareness

As with your network there are some simple steps that you and your team can take to ensure information security.

  • Avoid pop-ups, unknown emails, and links. Never enter personal or company information in response to an email, pop-up webpage, or any other form of communication you did not initiate. Phishing can lead to identity theft. It is also the way most ransomware attacks occur.
  • Never send any passwords via email.
  • Never send any personal information over email.
  • Never open an attachment within an email from a company or person you don’t know (or that you were not expecting). DO NOT REPLY TO THESE UNSOLICITED EMAILS.
  • Don’t open emails from someone you don’t know or trust.
  • If you think it may be a real email, send a new email asking about the email in question.

Failsafe Measure

Whether you entrust your IT needs to Darkhorse Tech or another IT company/MSP, keep in touch! Report security warnings from your internet security software. Some threats may come up unexpectedly, and it is best to report these to your IT team ASAP. These threats include unsolicited emails, pop-ups and alerts that may show up while on the internet. Information security: one more way to connect with the people you trust the most.

About Darkhorse Tech

Whether you’re just starting out or a well-established organization, Darkhorse Tech has the experience and technology to help get you moving, cut costs, and streamline your operations via unlimited IT support. We are here to help you do what you do best: focus on providing top-notch care and service for patients – not dealing with IT problems, lag time spent talking with technical support, or complicated technological mishaps. Unlimited IT support services help the whole team work efficiently without worrying about significant system issues or constant interruptions.

Our additional security services include:

  • Unlimited Remote and/or On-Site IT Support of All Your Hardware and Software
  • Improved Network Performance and Security
  • HIPAA Compliant Off-Site and Local Backup Service (Darkhorse Secure Backup)
  • Managed Antivirus, Anti-Malware, and Anti-Ransomware (Darkhorse Security Products)
  • Compliance & Security Laws Standards
  • Microsoft Security Patch Management
  • Vendor Management: We will be on the phone, not your employees
  • Secure, Remote Access to Your Office
  • Firewall Management
  • Network Management
  • Long Term Planning and Budgeting

Contact us anytime if you want to learn more about our dental-specific solutions and unlimited support packages. Our friendly customer service team will get back to you in no time.

 
