Is your clinic safe from cyber-attacks?
Are you aware of the different types of viruses and attacks that can damage your veterinary business?
Small veterinary businesses are extremely susceptible to cybersecurity attacks because of the large amount of data they possess.
Knowing what to look for and how you can protect your practice from cyber-attacks is the first step to ensuring your data is secure.
We have collected the best information to help you understand why data security is so important.
We have all have hundreds of emails saying what GDPR is. The real question is how are your third-party suppliers are making you complaint and how can GDPR benefit your customers?
1.1 How do you make sure your third-party suppliers are making you GDPR compliant?
Ensure you map the flow of your customer’s personal data to understand where it’s going, who it is going to and how it’s being processed. If there is a weak link in the chain then you will be held accountable.
Due diligence is the key to this. Review existing supplier contracts to ensure they’re compliant. Ensure they have set strict policies about how they collect, process and store personal data.
Understanding if your suppliers are GDPR compliant will show customers you are doing everything you can to ensure that their personal data is protected.
1.2 How will GDPR benefit customers?
GDPR will benefit your customers and improve customer engagement.
Customers who give consent for your clinic to you use their data for marketing purposes will receive messages that they want. This will mean less spam for the customers, a higher response to marketing messages and more business for your clinic.
Not only that, but GDPR can help you develop your data-driven marketing strategy (Read more about this here! Link to other blog post). The data you collect will be accurate and relevant, meaning you can build deep insights into your customers, to know what message to send and when they need it.
GDPR is a force for change that will help foster better relationships with you and your customers. Being transparent about how you use and store their personal data will only improve the relationships you have with your customers.
Below is a GDPR checklist you can use to ensure your veterinary practice is GDPR compliant.
2. How can you protect your practice against attacks?
How can you ensure your data is secure for your veterinary practice?
You know that antivirus software is important, but what else?
We have collated the best advice to protect your veterinary practice from cyber-attacks.
2.1 Local server vs cloud software
Storing customer’s personal information on a local server can leave you vulnerable to a cyber-attack. With a local server, all computers and other devices are linked to that server. It would only take one device on the network to become compromised, and all data on that network is at risk.
On the other hand, cloud software stores all your data online in secure data centres, making it that much harder for cybercriminals to obtain personal information.
Cloud software solutions, like Vetstoria are great as they store multiple copies and backups of your data at secure data centres.
Creating this distance ensures your practice data remains isolated from local machines. This means if your computer becomes infected, you can access all your data from another device.
2.2 Regularly update software
A lot of devices in your clinic will be connected to the internet. Your phone, computer, tablet, printer and more could be hacked and pose a threat. By regularly updating these devices, you can avoid being hacked.
Cloud software, like Vetstoria, have regular updates so you know your information is safer from hackers.
Not only does it regularly update software, but our real-time booking software automatically synchronises appointments to your calendar in your clinic’s management software. Allowing you to focus on other endeavours, like data security.
Like cloud software, operating systems such as Windows, iPhone iOS, Linux, Android, and macOS are regularly updated to improve functionality, fix bugs and generally improve security. Read on to learn how you can automatically update your software.
Windows 10 will automatically download and install updates to your device. To ensure automatic updates are turned on, go to ‘Windows update settings’ and check that software updates run automatically.
Apple computers will inform you of any updates but if you turned the automatic feature off, go to the ‘App Store’. Once it is opened click the ‘Updates’ icon at the top of the screen to check if updates are available.
Go to ‘Settings’, scroll to the bottom and select ‘About’. Select ‘Software updates’ from the menu and the device will check for available updates.
Go to ‘Settings > General > Software Update’. If a software update is available, you will see a red dot with a number. Click this to download and install. To update your iPhone/iPad, click ‘Install’.
You can choose to update your device during the night. Just plug your device into power before bedtime and your device will update overnight.
Regular backups are a great preventative measure you can take to protect your data. Important files should be backed up at least once a week, preferably every 24 hours. This can be performed manually or automatically.
This will take longer than an automatic update so you will need to decide important data you need to back-up. Contact information, customer information, bookkeeping and order information are some examples of important data you want to back-up.
This information can be stored on a USB or external hard drive and must be treated with extreme care. Sensitive information on these devices needs to be stored safely at home or in a safe to ensure it is not stolen.
Cloud-based solutions are a simpler and easier way to automate backups. This ensures important files can be backed up every 24 hours. Unlike Google drive or Dropbox, cloud-based solutions continuously copy all of the files on a computer to their own cloud servers.
IDrive, Acronis and SpiderOak are some examples of cloud-based solutions for small businesses. Alternatively, Google drive offers 15GB free which may be enough for your practice.
2.4 Staff training
91% of cyber-attacks and the resulting data breach, began with a phishing email, according to a 2016 report from PhishMe. This indicates a clear need for education on emails containing malware.
Here are some topics you can cover to better educate your staff about data security:
- Stick to business. Make sure you establish clear rules on what your employees can install and keep on their work computer. You can block gaming sites, gambling sites and Facebook to ensure employees follow policies.
- Phishing emails. Educate staff what a phishing email looks like and how to report it. You can explain key indicators that differentiate a phishing email to a normal email. For example, check for spelling mistakes as brands won’t make them. Analyse the greeting. If the email is addressed to a “Trusted Customer” don’t trust it!
- Passwords. How do staff use their passwords? Do they write them down? They shouldn’t! Ensure they know that passwords are a mix of upper and lower-case letters, number and symbols. Best practise also suggests changing them once a month. If remembering passwords is a problem, discuss password management software, like LastPass. They can house passwords as well as generate unique and secure passwords. But the perfect solution? Two-factor authentication.
3. What cyber-attacks are out there?
Cyber-attacks are out there and regardless if you are prepared for them or not, everyone must know what online threats are out there.
Here are just some of the most common cyber-attacks that could damage your veterinary practice and how you can avoid them.
This is any piece of software that was written with the intent of stealing information or damaging your computer.
This is normally found in email attachments or software downloads. Once the attachment is opened the malware will send emails out to your entire contact list.
To prevent this from infecting your clinic, don’t click on links or download attachments from unknown senders. Updating your computers operating system is also vital. These updates address faults in your computer’s software and fix them.
Spyware is any type of software that gathers information about an individual’s computer activities and sends this data to a third party.
This software installs itself on your computer by piggybacking on compromised versions of legitimate software. Without you knowing, spyware runs in the background gathering information.
Spyware is able to track your browsing habits, redirect you to advertising or compromised sites, send unwanted pop-ups or collect sensitive information and send this to third-party users.
You can prevent spyware attacks by remaining wary whilst surfing the internet. Right-clicking on the border of a pop-up window at the top and selecting close will prevent spyware from being downloaded.
A multi-layered antivirus solution that removes spyware threats and a web protection feature that block fraud or infected website. Norton and McAfee are common antivirus software solutions worth investing in.
Browser sandbox protection is another method to keep your data secure. This takes your internet browser into a virtual environment. This means any file downloaded from the browser remains isolated in the virtual environment, preventing any damage to your computer. Sandboxie and Time Freeze are great sandbox applications you can use.
Ransomware prevents users from accessing their personal files or their computer and demands ransom payment to gain access.
This is introduced into computers predominantly through an email which contains harmful software. Malvertising can also deliver ransomware with little to no user interaction. Malicious code is injected into ads and once the user has interacted with the ad, the ransomware is downloaded.
Secure backups of your data need to be made on a regular basis to prevent against ransomware. This can be achieved using cloud storage with two-factor authentication or an external hard drive where you can save updated files. IDrive, Google Drive and Acronis are some great cloud backup options.
3.4 Phishing emails
Phishing emails are sent to users and ask them to click on a link and enter personal information. Similar to spam, but can cause considerably more harm, phishing emails include a link to a fake website to steal private information.
You can prevent yourself against phishing emails by verifying the request with that company over the phone. Do not call the number in the email as this is another attempt to steal your information.
Phishing emails from imposter banks are quite common. Fortunately, most companies will never ask for personal information by email so you can easily identify the email is legitimate or not.
3.5 Password attacks
This is exactly what it says, a cyber-attack that attempts to infiltrate your systems by cracking your password.
This requires attackers to run software which will try to crack your password. This software can use many methods to do this:
- Brute force attacks – A computer program that will try to log-in with random password combinations, beginning with the easiest-to-guess passwords.
- Dictionary attacks – A program that cycles through combinations of common words, such as words in a dictionary.
- Keylogger attacks – A program that tracks and records the keystrokes of a user to capture passwords.
Strong passwords are a way of protecting against these attacks. A combination of upper and lower-case letters, as well as numbers and symbols. Regularly changing passwords will ensure hackers have no chance of stealing your passwords.
Two-factor authentication is a must have as this provides another line of security. This means a password and another security factor, a one-time unique code sent by
text, is required to log-in. This ensures your system is nearly impenetrable to a hacker.
Check out this video to see more hack cybercriminals use to obtain your data.
Hopefully, this encourages you to have a look at your existing network security to ensure you are prepared.
Keeping your data secure in the modern age is vital as cyber-attacks become more sophisticated.
By implementing the necessary safety precautions, you can keep all your data secure.