6 ) Routine Maintenance : Remove former users from Active Directory and old devices from the network . These pose a significant security risk . It is not uncommon for us to find former employees with active log-in credentials or devices on the network that no one uses . It is usually an oversight of some kind that is the cause of the attack .
7 ) DNS Filtering : DNS filtering protects by blocking access to compromised websites , Spam based websites , and malicious websites . It also can free up network resources and bandwidth ( and increase office productivity ) by blocking visits to sites like Spotify , YouTube and ESPN , among others .
8 ) Proper Data Back-Up : Best practices say you should back up your data both locally and in the cloud . There should be multiple versions in case one gets infected or locked . Also , make sure you test your backup recovery at least once per quarter . Finding out your back-up is useless when your practice is relying on it is worse than not having a back-up at all .
9 ) Segregation of networks : With so many devices capable of logging onto your network , it makes sense to keep them separated . Visitors and vendors go on a restricted guest network while employees work within the business network . This prevents outside forces from infecting your network .
10 ) Advanced Security Tools : This suite of products and services combines advanced security tools using artificial intelligence , machine learning , analytics and a staff of security experts to predict , identify , and prevent attacks that your typical virus protection would miss . It also will analyze end user and network data patterns to spot suspicious changes in activity or data traffic sooner and halt the damage before it can spread .
11 ) Dark Web Scanning : The Dark Web is where all that stolen data and PHI goes on the market . Passwords , emails , personal information and more is up for sale . By continuously
monitoring the Dark Web for personal information , you can take action to protect yourself before criminals can gain access to your data or steal your identity .
12 ) Encryption : Having your files encrypted in a ransom attack is bad . Using encryption to prevent others from gaining access to the data on your files is good ! You can employ different levels of encryption from data at rest to end-to-end encryption . Choosing the right level for you depends on many factors .
13 ) Cyber Insurance : When all else fails , cyber insurance will help offset the costs associated with a ransomware attack or penalties for not protecting PHI . Don ’ t assume that your general liability insurance will cover these claims . It usually does not . There are also several types of protection to choose from . You may not need copyright infringement protection but may want social media coverage . It is best to consult with a Cyber Insurance expert .
Those are some of the ways you can protect your practice and yourself from being a victim of a cyber-attack . How did you do ?
Hopefully , you are already utilizing many of these security measures . But please remember , your best defense is only as good as your weakest link . Keeping criminals out 99 % of the time is statistically great , but it only takes one time to bring your practice to a halt .
As the preferred IT provider of the Greater Louisville Medical Society , we offer a complimentary security assessment to all members . We will give you a detailed report of where you are most vulnerable in your defense . For more information on the assessment , please call 502-584-2383 or visit https :// langcompany . com / managed-it-services / network-assessment /
ADVERTORIAL AUGUST 2021 29