The majority of small businesses do not have the money and resources to spend on high-end security systems. Combined with the prevailing attitude that they are not a big enough target for hackers, this leads small businesses to cut corners on their IT infrastructure and leave themselves open to attack. Internet thieves are finding a wealth of information in the computer systems of small businesses. Consider the case of a small healthcare practice with 2 providers and supporting staff providing services to around 6000 patients, and think about the information available. Each record contains health as well as financial information about the patient. Additionally, the computer system may also hold business information, employee information and personal information about the business owners. Just imagine how valuable this information is! A thief can use this information to access bank accounts and wipe them out, sell medical identities on the black market, get medical care, alter medical records of patients, etc. The consequences of such actions for your practice can be devastating.
It doesn’t have to come to this. Appropriate, cost-effective technologies and proper policies can protect your practice from data loss. Basic steps your healthcare practice can take to prevent unauthorized access to its computer systems and network include:
- Keep your computers up to date on operating system updates and patches.
- Install good anti-virus software on all your computer systems and ensure that it is continuously updated with the latest definitions.
- Install a business-class firewall to protect your network from unwanted attacks.
- Mandate strong passwords on all your computer systems.
- Encrypt all confidential practice data. This will protect the information even if someone does gain unauthorized access to your system.
- Have regular backups made of all your data and ensure that you can recover all the data when needed.
- Strictly control personnel access to systems that hold confidential information. Limit access to essential personnel only.
- Have well-documented policies for proper computer usage with respect to email usage, surfing the web, downloading music, etc.
- Limit what software applications are allowed on each computer. Only those applications that are essential for work should be permitted.
- Have strict policies regarding social media usage and what information can/cannot be shared.
- Have well-documented policies for the use of laptops, smartphones and tablets.
- Ensure that all your staff are aware of your security policies and are properly trained in the appropriate use of computer systems.