Eyeworld

NOV 2014

EyeWorld is the official news magazine of the American Society of Cataract & Refractive Surgery.

Issue link: https://digital.eyeworld.org/i/407647


most breaches are internal, by someone within the practice, whether that be an employee of the practice itself or a member of the cleaning staff who hacks into the computer after all of the staff has gone home," Dr. Qaum said.

Something as simple as walking away from your computer for a few minutes without logging off first may not seem like a big deal, but it creates a window of opportunity for someone to gain access to the system, Ms. Solovic said.

Keeping your eyes open for aberrant behavior and using software to track what each user is accessing are also ways to stop a would-be hacker.

"For example, if you notice the average staff member pulls 100 records a month, and you suddenly notice that one staff member is pulling 500 records a month, you have to wonder what's going on with that one staff member. Why are they pulling five times as many records as someone else? What is the need for that information? Is it legitimate or not?" Dr. Qaum said.

An increasingly common risk is that employees bring their own devices to work, which means they are getting company emails on their personal smartphones or tablets. Ensuring that sensitive patient information is not accessible on a personal device also helps protect data, Ms. Solovic said.

Multi-factor authentication and tokenized payment systems

Newer technologies that protect both patient information and payment data are gaining ground fast.

Multi-factor authentication is growing increasingly common in order to protect sensitive data, and for good reason. As the name suggests, a user must go through two steps in order to gain access to information, not just one. This can mean either two sets of usernames and passwords, such as logging in to a main system with one username and password, then using a second password to access specific information, or using something physical to gain access to a computer, like a badge or a fingerprint, followed by entering a username and password.

"If someone knows what your password is, they still can't do anything without your badge. If your badge is missing, you quickly report it stolen, and they can't do anything without a password," Dr. Qaum explained.

On the payment side, tokenized payment systems are the next step in protecting customer data. These systems remove credit card numbers and replace them with randomly generated numbers. These tokens can also be configured to expire after one purchase or made specific to just one transaction, making them useless targets for hackers.

Ms. Solovic believes balancing the use of these new technologies with common sense and vigilance is a smart move that protects both businesses and customers.

"I always liken it to this: You can have the most elaborate alarm system on your home, and you can have all the bells and whistles and every piece of security you can think of, but if you go away and you leave your back door open, how good is that going to be for you?" she said.

EW

Contact information
Solovic: susan@susansolovic.com
Qaum: tamimqaum@hotmail.com
Jeng: bjeng@som.umaryland.edu

"You have to be very prudent and determined about keeping everyone on alert because it is everyone's responsibility, and it only takes one person to make a mistake." –Susan Solovic
