EyeWorld is the official news magazine of the American Society of Cataract & Refractive Surgery.
Issue link: https://digital.eyeworld.org/i/959475
OPHTHALMOLOGY BUSINESS 72 April 2018
by Liz Hillman EyeWorld Staff Writer

Ways to enhance your IT security

A webinar hosted by the ASCRS•ASOA Health Information Technology (HIT) Committee presented attendees with practical steps they can take to improve their data security.

"If anyone thinks they are smarter than a con artist, they are mistaken," said Charles Killmer, security officer, Netgain Technology, St. Cloud, Minnesota. "Hackers are the modern day con artist. If you think you wouldn't fall for a hacker's attack … you're the one I'm worried about most."

Today's hackers, Mr. Killmer said, spend an inordinate amount of time making convincing phishing emails and other traps to find inroads for your information. But why would a hacker want your personal information or the data held by a healthcare practice anyway? Mr. Killmer said the reasons run the gamut from getting private information to resell to installing ransomware, encrypting your files, and forcing you to pay, to using your computer for other illegal activity.

Hundreds of thousands of new pieces of malware are released every day. While antivirus software maintains a list of known malware, it needs to update every day just to stay current with the amount of malware out there, Mr. Killmer said.

The more recent advent of ransomware was a paradigm shift for hackers, giving them a "better return on investment." Instead of having to sell stolen information or try to use it nefariously without detection, ransomware allows hackers to get money directly from you—if you want your files decrypted.

Hackers have "many ways to get in. We need to be focused on keeping them out of all those ways," Mr. Killmer said, providing several suggestions to improve data security. These included having a designated specialist with a security credential reporting directly to the administrator; using a password manager; backing up data for recovery in the event of a ransomware attack; performing a risk management assessment in which you think about what you need to protect and where it lives, what could affect that data, what could happen if it were compromised, and implementing methods to protect that data; monitoring for compliance; and documenting all of these actions.

As for specific technical advice, Mr. Killmer went on to provide a few points on this front as well.

Be suspicious of all messages. Even if emails come from friends or colleagues, you don't know if their account has been compromised. If something they're asking you to do might have a negative impact on the business or your personal information, give them a phone call to confirm.

Install updates. These updates can close security holes or bring new features, but they can also come with bugs. In these latter cases, Mr. Killmer said that the practice has to decide if the downside of the patch is larger than the upside.

Whitelisting. Mr. Killmer described this as the opposite of antivirus software. As opposed to blocking known malicious applications and websites, whitelisting only allows applications known to be good. If implemented, when you want a new application or website that is legitimate, the whitelist needs to be updated. "It is far easier to implement a whitelist than to trust a blacklist to be comprehensive," Mr. Killmer said, advising later to also install antivirus software. If a business wanted to allow its employees to access websites—news sites or Facebook, for example—without compromising the network, Mr. Killmer suggested that a few computers be set up in a breakroom with controls so these computers can't communicate to the rest of the office, isolating them should a compromise occur.

Use iPhone or Google Pixel platforms only. Mr. Killmer provided evidence showing that non-Google Pixel Android operating systems do not have as effective methods to deliver security patches to users.

Use an ad blocker. Malicious advertisements on a known, good

Protecting your practice from cybersecurity threats

Webinar reporter
• The ASCRS•ASOA HIT Committee's best practices guide "How to Project Your Practice from Cybersecurity Threats" is available at www.ascrs.org.
• A recording of this webinar is available on ASOA's website.