Luke Westwood shares his thoughts on the cyber security risks dental practices are facing every day and why a new approach to training is needed.
As dental professionals, it’s easy to think there’s no risk of being hit by a cyber attack as the hackers aren’t interested in a local practice. Especially if it’s an independent practice. But this couldn’t be further from the truth.
With so many high-profile cyber attacks in the news recently, it’s tempting to think that cyber criminals are only targeting big retail businesses, and your practice isn’t even on their radar.
Hackers work like real businesses
But, just like how some businesses only work in certain industries, hacking groups also do the same.
Some will only work in targeting financial institutions, some will only target universities, and importantly for you as a dental professional, some will only work in healthcare.
As a healthcare provider, dental practices hold a huge wealth of private information of your patients. This data alone is highly valued by cyber criminals, and they will be able to sell the data they’ve stolen. They will even be able to target your patients directly to make more money, which is done using their stolen data.
Lastly, hackers will use techniques like ransomware to hold your entire practice to ransom, if you want to get access back to your network. Think of hacking as three-pronged approach, which ensures they get the most financial value out of every practice they target.
Your people are your front line
With social media sites like LinkedIn, hackers can get an understanding of your entire practice and use this public information to their advantage. They can also use this to target every individual in the practice, to see who the weakest link is in your front-line of defence.
While technology is always evolving, traditional techniques such as phishing emails and social engineering are still the favoured methods of attack. Why? Because they work.
We’ve all seen an email, which looks genuine but turned out to be fake and something we shouldn’t have clicked. But in the moment of stress and urgency, created by the email itself, we were drawn into a moment of panic and still clicked.
Why cyber security training matters
In order to defend your practice from a cyber attack, every member of your team needs to understand the risks, how to spot potential attacks, and ultimately protect your practice from being wiped out in a day. This is why training is so important. Whether it’s using eLearning, or team sessions.
But training your team once a year, or even worse, just once and never again isn’t enough. Training needs to be done regularly and your culture needs to be focused on cyber security.
Hackers want you to let your guard down
Hackers know that we all have moments when we let our guard down and feel like security doesn’t matter to us. But it’s in these moments of a lapse in vigilance, which hackers are waiting for.
Hackers can stay hidden for weeks
One of the scariest parts of an attack is that hackers are already in your system before they make themselves known and launch a ransomware attack.
They use this time in your system, to go through your files, your practice’s financial data, the data of your patients and secretly transfer everything they want onto their own network. Then they strike.
Tick-box training doesn’t work
In the past, cyber security awareness training was often seen as something which employees would only need to do once a year. But with cyber-attacks making the headlines every day, things have changed. It’s something that should be done throughout the year.
Whilst a regular training might sound excessive, it is the new way of cyber security awareness training. By using bite-sized training, a communications campaign and an entire library of ready-to-use eLearning modules; all you need to do is press the launch button. This is what we specialise in at Cyber Pegs. We also provide one to one training sessions for practice managers, as they play a key role in protecting your practice and have extra pressures on their shoulders.
If you’re interested in learning more about the training Cyber Pegs provides and how we can help your practice please visit cyberpegs.com or give us a call on 020 3051 4960.
This article is sponsored by Cyber Pegs.
