OPHTHALMOLOGY BUSINESS
April 2018
digital.ophthalmologybusiness.org
website can still compromise your
security.
Several questions from the audience led to pertinent discussion. One attendee asked for the top priorities to keep a practice safe with little time to dedicate to IT security. Mr. Killmer said to establish a Sender Policy Framework (SPF) that can identify some phishing emails (if you have a spam filter this should be included already). You should also educate and train employees about how a phishing attack works and to confirm the legitimacy of requests that might be coming from a friend or colleague. Mr. Killmer recommended a third-party penetration test/risk assessment, but noted they can get expensive.
Another attendee asked about onboarding an in-house IT professional. Mr. Killmer said that it is a good idea to have someone focused on IT. "It's a better idea to have them dedicated, but cost needs to be evaluated," he said, acknowledging that small organizations can get away with one person wearing many hats. Once an organization reaches 100 employees, he recommended having someone who devotes 80–90% of their time to IT security.
In response to a question on cybersecurity insurance, Mr. Killmer said organizations without an individual focused on IT security are more likely to be compromised and might consider insurance. In comparison, an organization that is very locked down wouldn't necessarily need insurance.
On the whole, will things get better? Mr. Killmer asked. "Yes, but this is a cat and mouse game that has been going on since the dawn of time. For as long as people have had things that people want to take, people have been conning other people.
"Right now, the hackers are winning; they've got far more out there malicious than what we can do to defend, and that's largely taking advantage of our trust in the overall good of the internet. We need to start reclaiming some of that and reevaluating some of the trust and not allowing access to everything on the internet. … Security is a business responsibility … as such, business leaders are being held accountable for failures on security," he said.
Editors' note: Mr. Killmer is an employee of Netgain Technology, an IT management company focused on the healthcare and financial industry.
Contact information
Killmer: Charles.Killmer@netgaincloud.com