As more of our lives and work move online, cybersecurity becomes ever more important. It’s a particularly pressing concern for our HealthyPractice members, given the sensitivity of the records they hold about their patients.
That’s why MAS is proud to support Cyber Smart Week (14-18 October) – an initiative organised by the New Zealand Government’s cybersecurity agency CERT NZ.
Cyber threats have been around for decades but they’re increasing in frequency and impact. In Q2 of 2019, CERT NZ received reports of almost 1,200 cyber incidents – a 21% increase on Q1 2019. Of those 1,200 incidents, 59% of the reports related to incidents targeting individuals.
The most common incident reported was some sort of scam or fraud, followed by phishing and credential harvesting attacks, with unauthorised access incidents coming in third.
It can be difficult to quantify the full impact of these incidents, but CERT NZ believes they caused around $6.5m in direct financial loss in Q2 2019, up from $2.2m in the same period last year.
Cyber Smart Week is a great time to check your online security and make sure you’re taking some simple steps to keep yourself and your patients’ records safe.
Change your passwords regularly
Put simply, you need strong passwords and you need to change them regularly. It might be convenient to use “password” for everything but you’re putting your patients’ information at severe risk. You should aim to change your passwords every few months, and it’s a good idea to use a combination of letters, numbers, and symbols in your password. As far as remembering your passwords, there are various password managers that will help you keep track of everything.
Make sure you stay on top of all the relevant software updates
The next job is to make sure your IT system is fully supported and that you keep up-to-date with any software updates that are issued. Not only do those updates improve the usability of your system, they also contain regular security upgrades to patch any flaws.
Use two-factor authentication
Two factor authentication (2FA) is a way of double-checking someone is who they say they are when they try to login to a system. So, as well as providing their username and password, they will often be asked to enter a special code that is texted to their phone. You can add 2FA to all sorts of things but it’s essential on systems like email or accounting software and databases holding patients’ records.
Update your default credentials
New IT products generally ship with a set of default credentials – passwords, administrator access rights and so on – to help users get set up. Once this set-up is done, you’re supposed to change these defaults to something unique to you but that doesn’t always happen. So it’s a good idea to check to see what sort of settings your hardware or software has, and if you see any of those defaults still in place, make sure you change them immediately.
These are a few basic tips to get you started but cybersecurity is something you need to take seriously, and it may be worth seeking professional advice, tailored to the needs of your practice.
Cyber threats are always evolving so it’s also something you need to check in on regularly, and make sure your staff receive regular training. For more general information on cybersecurity, check out the resources at www.cert.govt.nz.
If you’re worried about what might happen to your practice if you suffer a cyberattack, you might also want to think about cyber insurance. MAS has partnered with Delta Insurance and Frank Risk Management to provide cyber insurance for practices like yours. This insurance covers things like business interruption, data forensic expenses, IT consultation services, and public relations costs. When you take up this insurance, you also get a free cyber health check, with ongoing regular advice and technical guidance.
If you want to find out more, visit www.frankiemed.nz or call Frank Risk Management on 07 903 5000.
Other recent articles
4 August 2020
Those difficult conversations…. A frequent question for the HealthyPractice team is how to address an employee’s poor behaviour or attitude. Sometimes this behaviour has been an issue for some time but has never been addressed.
7 July 2020
2020 has among may other things given some examples of good leadership and others of not-so-good leadership! Wikipedia defines leadership as – “the process of social influence in which one person can enlist the aid and support of others in the accomplishment of a common task”
3 June 2020
The COVID-19 pandemic has forced an enormous number of changes on the way we all live and work within a very short time. It hasn’t been easy and a full economic and social recovery may take years. But for many individuals and workplaces, the lockdown also provides an opportunity to review the way they work and reassess their options for when things get back to some sort of normality.
Join other practices already using HealthyPractice.Register now