How to avoid cybersecurity threats at your practice
Three simple steps to ramp up your veterinary practice’s online security.
There is no denying that the web browser has become the new operating system for many veterinary practices. With increasing use of cloud-based practice management software systems, many veterinary hospitals now rely nearly 100% on web browsers to access and manage their confidential data. From a technology management perspective, this is great because the use of cloud-based software reduces dependency on local hardware. However, it also increases the practice’s web presence and thus its exposure to growing cybersecurity threats.
Most individuals and businesses get hacked because they have predictable or previously compromised passwords. The most commonly required (and most commonly hacked) password format is one that includes at least one upper-case letter, one number, and one symbol. Most people creating this type of password capitalize the first letter of a common word, followed by the number 1 and an exclamation point at the end (e.g., Welcome1!).
This is a perfect scenario for a hacker. By using social engineering or a single crafty email, they will be able to obtain the password and, to make matters worse, add the password to black-market lists, allowing numerous hackers to automate the hacking process with little to no effort.
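A password can satisfy the composition rule described above and still be predictable. The following check is an added example, not part of the original article: the word list, function names, and finding messages are assumptions made for illustration, and the sample passwords are the ones quoted in this article plus constructed ones.

```python
import re

# Constructed sample list (assumption). A real check would load a large
# dictionary plus a list of previously compromised passwords.
COMMON_WORDS = {"welcome", "password", "house", "summer", "doctor"}

COMPOSITION = "fails composition rule (upper-case letter, number, symbol)"
SHAPE = "predictable shape: Capitalized word + number + trailing symbol"
COMMON = "built on a common word"

# Capitalized word, then digits, then symbol(s) at the end, e.g. Welcome1!
PREDICTABLE_SHAPE = re.compile(r"^[A-Z][a-z]+\d+[^A-Za-z0-9]+$")


def meets_composition_rule(pw):
    """At least one upper-case letter, one number, and one symbol."""
    return (any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def review_password(pw):
    """Return a list of findings; an empty list means these checks found nothing."""
    findings = []
    if not meets_composition_rule(pw):
        findings.append(COMPOSITION)
    if PREDICTABLE_SHAPE.match(pw):
        findings.append(SHAPE)
    # Strip digits and symbols to see which word the password is built on.
    base_word = re.sub(r"[^A-Za-z]", "", pw).lower()
    if base_word in COMMON_WORDS:
        findings.append(COMMON)
    return findings


if __name__ == "__main__":
    for candidate in ["Welcome1!", "Tractor7#", "house", "D0gz&rh1n0z"]:
        print(candidate, "->", review_password(candidate) or "no findings")
```

An empty result only means these three checks found nothing; it does not show that a password is unique to one account or absent from compromised-password lists.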
When creating a password, it’s best to avoid birthdays, anniversaries, and other personal information. Also avoid using common words (e.g., password, house) or overly sophisticated words, and be sure to use different passwords for different accounts. Here are a few tips for setting a secure password:
- Use a mix of different character types (numbers, symbols, and upper- and lower-case letters).
- Include two or more random words or nonsense phrases.
- Think of a word or phrase, and then substitute the letters with numbers and special characters and mix the case (e.g., dogsandrhinos becomes D0gz&rh1n0z).
- The longer your password is, the harder it will be to crack, but be sure it's one you can remember.
A great tool for individuals and veterinary practices is a password manager. A password manager (e.g., 1Password or LastPass) assists with generating and managing your passwords—the first step to healthier internet security.
Keep software updated.
The simplest step you can take is to keep your operating system, web browser, and software up-to-date. This includes all PCs, laptops, tablets, and smart devices. These updates include important security updates to protect your private information. Keep in mind, hackers only need to find one way in. Meanwhile, we are challenged with finding all possible entry points and with finding the time to perform the updates. Schedule software updates to minimize their impact during practice hours.
Enable two-factor authentication on all critical accounts.
For accounts that are mission critical, such as your practice’s email, bank, and QuickBooks accounts, make sure you enable two-factor authentication so that when you sign in, you receive and must enter a one-time code to access the account. This code can be generated through an app like Authy or through a text message that gets sent directly to your device. Using this feature saved me last year from a potential cybersecurity threat.
While traveling to a practice, I arrived at the airport and opened up my laptop to check my email. I had been working on some Health Insurance Portability and Accountability Act (HIPAA) compliance issues for a colleague in human medicine and had received an email from the HIPAA auditor that looked authentic. The email indicated that the auditor needed to share a confidential document with me via Microsoft SharePoint.
This was a legitimate process, something I would do frequently. However, there was one big clue that gave the hacker away: When I logged into this fake Microsoft SharePoint account, I wasn’t prompted to enter my two-factor authentication code, which was odd considering I had it enabled on my business email account. I was then redirected to a seemingly legitimate government form about HIPAA. I thought it was strange that he would password encrypt this document, but before I could investigate why, I started getting two-factor authentication requests from my email account—someone in Pakistan was trying to log into my account.
Because I had enabled two-factor authentication, I prevented this attempted breach. I then used my password manager to update and generate a new password and moved on. If I hadn’t enabled two-factor authentication on my account, I would have granted the hacker access to sensitive material and risked excessive damage to my account. The best way to protect ourselves is to have the right tools in place to cover our tracks.
Clint Latham is the founder of Lucca Veterinary Data Security, which aims to help practices maintain online security.