SAN FRANCISCO - The most important step you can take to protect your practice from a cyberattack is educating yourself and your staff on security risks, according to cybersecurity expert Arash Shokouh, who spoke on the topic at the California Dental Association's CDA Presents 2017 meeting on August 24.
Arash Shokouh, founder of Ophtek.Shokouh, founder of office technology security and support company Ophtek, spoke about how threats from malware, viruses, and phishing have evolved, and what practical steps can be taken to protect your practice and your patient information.
"Your staff are your first and best defense," he said. "It's impossible to cover all your bases with technology, so educate your staff."
Shokouh is also a computer engineering professor at San Jose State University in California.
Layered security approach
With reports of hacking and data ransom attacks on dental practices, hospitals, and other corporations, the need to take steps to protect a practice's data is more important than ever. This even includes computers that a practice may not have critical data stored on.
"You may not think you have anything valuable on an operatory computer or your front-desk computer, but it's incredibly important to protect these also," Shokouh said.
These computers can be access points to your office's data, he noted.
Shokouh tells his company's dental practice clients that taking a layered IT security approach is best.
"It's not enough to just run an antivirus program on your computers anymore," he said.
After staff education, the next step practice owners should take is to check that the service warranties on their computers and servers are valid and up-to-date.
If a practice's computer warranties are up-to-date and there is an incident, the practice may be able to get its data back the next day, Shokouh said. He contrasted this with the unfortunate situation of a fire at the practice, when it may take some time for the practice's building to be repaired.
"It only takes 20 to 30 minutes to check that your warranties are up-to-date, but the amount of time it might save you if you have an event is crucial," he said.
And then he recommended having data backups in place. Ideally, Shokouh said, his clients also alternate their backups for an extra layer of security.
Shokouh then reminded the audience that having data backed up is crucial but doing so is useless if you do not know how to restore your data.
"Spend an afternoon and test your backups," he said. "Have your vendor walk you through how to restore your software and then do it at least yearly -- quarterly is even better."
Other practical tips
Shokouh also gave the audience some additional practical advice:
- Do not use the Internet Explorer web browser.
- Run a plug-in such as Web of Trust on Google Chrome to improve security.
- Make sure your antivirus and antimalware software are turned on.
