October is Cybersecurity Awareness Month and we’re sharing three best practices to help our partners in hospitals and healthcare practices understand the risks faced by anyone with a device—and how to take action to protect both personal information and patient data.
1. Implementing the First Line of Defense with Strong Passwords
As cyber threats are evolving and becoming increasingly sophisticated, employees should take the first step to fortify their accounts with robust and unique passwords. John Garcia, Information Security Manager at Pixel Health, shared a few strategies.
“The complexity of a password matters,” he said. “Every person at a hospital or healthcare organization should be creating passwords with a mix of uppercase and lowercase letters, numbers, and symbols. This complexity makes it significantly harder for attackers to guess a password.”
Hackers run brute-force and dictionary attacks, trying many candidate passwords in rapid succession against stolen password hashes or exposed login pages. John shared best practices for thwarting these attacks, which include:
- Using 12 or more characters
- Avoiding common words, since attackers use dictionaries (and common variations of dictionary words) to crack passwords. Personal information, such as birthdays or names, should also be avoided.
- Creating unique passwords for each account to avoid the risk of one compromised account affecting multiple accounts.
- Using a password manager to securely keep track of different passwords.
- Changing passwords periodically, and immediately whenever a compromise is suspected. (Note that NIST SP 800-63B advises against forcing rotation on a fixed schedule, because it tends to produce predictable variations of the old password; changing a password on evidence of compromise is the higher-value habit.)
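To show why "complex-looking" passwords built from a dictionary word still fall quickly, here is an added example (not code from the Pixel Health post) that simulates a dictionary attack with a few mangling rules against a small set of salted hashes. The word list, the rules and the sample passwords are constructed for the demo, and SHA-256 stands in for a real password hash only so the script runs instantly; production systems should use a slow hash such as bcrypt, scrypt or Argon2.

```python
"""Added example: dictionary attack with mangling rules (not from the post).

Constructed inputs: a tiny word list, a few rules, and sample passwords.
SHA-256 is used only so the demo is fast; use bcrypt/scrypt/Argon2 in practice.
"""
import hashlib
import os

# Constructed mini dictionary. Real attackers use lists with millions of entries.
WORDLIST = ["password", "summer", "welcome", "hospital", "mercy", "nurse"]

# Common "leet" substitutions people apply to satisfy complexity rules.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})

# Suffixes people append to meet "number and symbol" requirements.
SUFFIXES = ("", "!", "1", "123", "2024", "2024!")


def mangle(word):
    """Return the set of common human variations of one dictionary word."""
    cases = {word, word.capitalize(), word.upper()}
    variants = set()
    for w in cases:
        variants.add(w)
        variants.add(w.translate(LEET))
    return {v + s for v in variants for s in SUFFIXES}


def candidates(wordlist=WORDLIST):
    """Every password the rule set can generate from the word list."""
    out = set()
    for word in wordlist:
        out |= mangle(word)
    return sorted(out)


def pw_hash(password, salt):
    """Salted SHA-256 (demo only; far too fast for real password storage)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_store(passwords):
    """Simulate a leaked credential table: list of (salt, hash) rows."""
    store = []
    for pw in passwords:
        salt = os.urandom(8)
        store.append((salt, pw_hash(pw, salt)))
    return store


def crack(store, wordlist=WORDLIST):
    """Try every candidate against every row; return {row_index: recovered_password}."""
    cands = candidates(wordlist)
    found = {}
    for i, (salt, h) in enumerate(store):
        for c in cands:
            if pw_hash(c, salt) == h:
                found[i] = c
                break
    return found


if __name__ == "__main__":
    # Constructed sample passwords. All but the last satisfy typical complexity rules.
    samples = ["P@ssw0rd1", "Summer2024!", "Welcome2024!", "kx7#Tq9vR2mL"]
    store = make_store(samples)
    print(f"{len(candidates())} candidates generated from {len(WORDLIST)} words")
    for i, pw in crack(store).items():
        print(f"row {i}: recovered {pw!r}")
```

Note that "Welcome2024!" is 12 characters long and mixes all four character classes, yet it is recovered from a six-word dictionary in milliseconds; the random 12-character string is not. Length and complexity help only when the password is not a predictable transformation of something in a word list.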
2. Recognizing Phishing Attempts in Business Emails
In what is called “social engineering,” attackers send seemingly personal or compelling messages to their targeted victim, often creating a sense of immediacy and urgency to act. These messages arrive by email (phishing), text message (smishing), or phone call (vishing). Victims may reveal sensitive information such as passwords, credit card details, or personal data, or even feel compelled to make fraudulent payments.
“Phishing is definitely still the number one cause for business email compromise,” said John. “For instance, one of our customers had a scenario where an employee clicked on an email that looked like a Microsoft Teams document and the hackers stole her credentials. They then used her account to forward the same email to her coworkers and the situation escalated.”
John recommended that employees take steps to protect themselves from phishing with a few strategies:
- Be skeptical of links and attachments from unknown senders. Cybercriminals often mimic legitimate organizations.
- Check links before clicking by hovering the cursor over them to preview the actual URL (website address). Be cautious if the link’s domain doesn’t match the organization’s official website, if the visible link text shows one address but the preview shows another, or if the address is a bare IP address.
- Verify requests if an email asks for sensitive information or payment. Contact the organization directly using official contact information.
- Notice spelling and grammar, as typos or grammatical errors are a red flag.
- Recognize urgency and threats as typical methods for hackers to manipulate recipients into taking immediate action.
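The "hover and compare" check in the list above can be automated over an email body, which is essentially what a mail security gateway does before a user ever sees the message. The following is an added example, not code from the Pixel Health post or from KnowBe4: it extracts every link from a constructed HTML email, compares the visible link text with the real target, and flags untrusted domains, lookalike domains that borrow a brand name, and raw IP addresses. The trusted-domain list, brand tokens and sample email are placeholders for the demo; a production version would use a public-suffix list rather than the last-two-labels shortcut used here.

```python
"""Added example: flag suspicious links in an HTML email (not from the post).

Constructed inputs: a small trusted-domain set, brand tokens, and a sample email.
"""
import re
from html.parser import HTMLParser

# Assumed trusted organizations (placeholders for the demo).
TRUSTED_DOMAINS = {"microsoft.com", "example-hospital.org"}

# Brand words whose presence in an untrusted hostname suggests a lookalike.
BRAND_TOKENS = ("microsoft", "teams", "office365", "example-hospital")

# Matches a URL or bare hostname; captures the host. Rejects mailto:, plain text.
URL_LIKE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/?#]\S*)?", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Hostname if the string looks like a URL or domain, else None."""
    m = URL_LIKE.fullmatch(s.strip())
    return m.group(1).lower() if m else None


def registrable(host):
    """Organization part of a hostname: last two labels (demo shortcut)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def classify(href, text):
    """Return the list of red flags for one link (empty list means nothing found)."""
    flags = []
    target = host_of(href)
    if target is None:          # mailto:, relative links, etc. are out of scope here
        return flags
    target_org = registrable(target)
    if re.fullmatch(r"\d+(?:\.\d+){3}", target):
        flags.append("raw IP address")
    if target_org not in TRUSTED_DOMAINS:
        flags.append("untrusted domain")
        if any(tok in target for tok in BRAND_TOKENS):
            flags.append("lookalike of trusted brand")
    shown = host_of(text)
    if shown is not None and registrable(shown) != target_org:
        flags.append("display/target mismatch")
    return flags


def scan_email(html):
    """Return [(href, visible_text, flags), ...] for every link in the body."""
    p = LinkExtractor()
    p.feed(html)
    return [(href, text, classify(href, text)) for href, text in p.links]


# Constructed sample email modelled on the "Teams document" lure described above.
SAMPLE_EMAIL = """
<p>Hi, a Teams document was shared with you. Open it within 24 hours.</p>
<a href="https://teams.microsoft-login-verify.com/doc/1234">https://teams.microsoft.com/doc/1234</a>
<a href="https://example-hospital.org/portal">Employee portal</a>
<a href="http://192.0.2.10/update">Update your password</a>
<a href="mailto:helpdesk@example-hospital.org">Contact the help desk</a>
"""

if __name__ == "__main__":
    for href, text, flags in scan_email(SAMPLE_EMAIL):
        status = ", ".join(flags) if flags else "ok"
        print(f"{text!r} -> {href}: {status}")
```

The first link is the classic trick: the visible text is a genuine Microsoft address, but the real target is a registered lookalike domain. Hovering reveals it on a desktop client; on a phone there is no hover, which is one reason this kind of check belongs in the mail gateway as well as in user training.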
3. Maintaining Social Media Privacy
While social media can foster connections, it also exposes people to privacy risks. To maintain control over personal information and digital footprints, John shared several privacy-conscious practices:
- Regularly review privacy settings and limit who can see posts, personal details, and friend lists.
- Be cautious with sharing personal information such as birthdates, addresses, or contact details, which can be used for identity theft.
- Review friend requests and only accept those from people you know. Be cautious of links shared via private messages, which could lead to malicious websites.
- Enable multifactor authentication (MFA) for your social media accounts to add an extra layer of security by requiring a second form of verification in addition to a password.
- Be selective with third-party applications to which you grant access to your account. Review the permissions each application requests and revoke access for those no longer in use.
- Consider private posts over public posts as public posts can be seen by anyone, including cybercriminals.
- Schedule regular profile cleanups to review friend lists and remove individuals if interaction is limited or they are no longer considered trustworthy.
Proactively Promoting User Awareness
“User awareness of cybersecurity is really key within healthcare organizations,” said John. “From strong passwords to user training, security is everyone’s responsibility.”
Pixel Health offers the KnowBe4® solution, which provides customizable, targeted training to keep employees up to date on best practices in cybersecurity. Get in touch to learn more about how our team can help reduce your security risks—and keep your employees and data safe.