Computer security can be an intimidating topic with many terms, acronyms, and different attacks to understand. We’ve all heard the terms phishing, malware, viruses, and ransomware, but we may not fully understand what they mean or how they threaten us. You can be exposed to all these attacks simply by using email or browsing the web. What can a user or business do to defend themselves and their patient data against this vast array of risks? As with most things in life, there are many simple things you can do to protect yourself against the most common forms of computer attacks. In this two-part series, we’ll break down some of the most common threats and suggest a few simple defenses against them.
OralDNA® Labs does many things to secure your data. The first is using encryption to secure traffic between your office and our servers. When you see the “lock” icon next to the address in your web browser, it tells you that the information passing between you and our website is encrypted, which protects your data while in transit across the internet. We keep our servers and operating systems up to date. Our systems are behind firewalls with intrusion protection systems, which allow us to scan and monitor our systems for vulnerabilities. However, you have an important role to play in your own security by protecting yourself and your computer against common threats.
There are several important jobs you have as an internet user to protect your own data and keep yourself secure. The first is to take care of your personal workstation or devices. This includes keeping your computer current with the latest software updates. This will protect you from common exploits that can easily compromise your device. You should verify that your computer has a security system such as a firewall so that it protects your device against direct connections from other devices on your network. This can prevent worms, viruses, ransomware, and other attacks against your computer. Finally, you should always have an anti-virus/malware program running on your computer to defend you against any threats that happen to make their way to your computer.
Phishing can be considered one of the biggest threats to your data simply because it is such an easy and low-cost attack to implement. Phishing is when a malicious party constructs an email that may look legitimate, but whose purpose is to get you to download an attachment (which commonly contains malware) or click on a malicious link that directs you to a fake website, where you are asked to enter your vital information so that it, or your password, can be stolen. Phishing has led to many of the ransomware attacks you have heard about in the news. Ransomware is when that phishing link delivers a program that will lock and encrypt files on your network. The only way to get those files back is to restore them from backup or pay a ransom. You don’t want to be the person who clicked on that link and shut down your business!
Another example of a phishing campaign would be for an attacker to fake an email from your bank prompting you to update your account information. The email would look legitimate, with your bank’s logo and your name, which they could have pulled from many hacked email lists. They then direct you to a site that looks just like your bank’s, for example “yourbank.com”; however, the links in the email may actually be directing you to “www.hackedbanksite.com.” Then, once you enter your account name and password, they’ve got you…and now have access to your bank account. Make sure to verify that the links within an email are bringing you to the correct site; or even better, don’t use the link in the email and go directly to the site itself so you can trust the site you are visiting.
Spear phishing is a variation on phishing where a hacker targets a specific business to get them to transfer money or pay a fake invoice. This is easily accomplished by getting a list of managers from the About Us page on your website. The hacker can then compose a fake email that looks like it’s coming from your CEO and send it to your accounting department, asking them to pay a late invoice or transfer money to a hacked account. These requests are marked as high priority, so the receiving party will be pressured to make the transfer before realizing it isn’t a legitimate request. Your best defense here is to train your people to spot suspicious emails and to double-check with management if they have a question about an email. Remember, emails can be easily faked!
Don’t miss next week’s blog: “Computer Security and You: Part Two” where we will discuss passwords and two-factor authentication.