
These viruses do not just hold Dentrix for ransom; they hold your entire computer and other systems on the network for ransom. They are known as ransomware. The most widely known example from a few years ago was called CryptoLocker (this particular version is almost eradicated); however, many copycats and other versions have since been created.
Please see the following information on ways to prevent your office from being affected by this malware.
Security Tips for Small Businesses Regarding Internet and Email Usage
The following information provides tips for small businesses to follow in order to help avoid potential data compromise due to cyber threats from the internet while browsing the web or using email.
Email spam or junk mail is usually unsolicited email that is sent to a large number of recipients. These emails are usually irrelevant or inappropriate and may contain malware or viruses that can infect your computer. And in some cases, they could infect an entire network of computers. All one has to do is open up an unfamiliar or suspicious email and a virus can then immediately load on your computer.
The same goes for visiting certain web sites that contain malware or viruses. Simply visiting a popular social media site and then clicking an advertisement could result in a virus being installed on your computer. Spam, junk mail, viruses, and malware could lead to data loss, data breach, damage to systems, and high replacement and repair expenses. However, most of these threats can be avoided by educating your staff and implementing some basic protocols.
Security Tips
- Do not share your business email accounts except with customers, patients, and colleagues.
  - In most cases, before you can receive malicious emails, spammers first need to know your email address. Therefore, it is recommended that your business email addresses not be shared with anyone except your patients, your customers, and your colleagues.
  - Sometimes it is necessary to use your business email to sign on to a web site. If you use your business email address on a web site, only use it on a legitimate web site that you are familiar with, and make sure that this usage is for business purposes only. Unfortunately, even legitimate web sites will often share your email address with third parties. However, the more you can reduce the exposure of your business email addresses to the web, the safer your email will be.
- Do not post your business email account on the public internet, such as on your business web site or on forums.
  - Harvesting bots are special software designed to obtain email addresses from public data on the web. Once email addresses are harvested, they are added to lists for sending spam emails and other threats. To help avoid having your business email address harvested, it is a good idea not to post it on your company web site or on a web forum for the public to see. Also, make sure that your email address does not show up in your signature on a forum or as a link within a guest book. If the public can see your email address, then it is likely that a harvesting bot can see it also.
  - Make sure that your company web site has some sort of security method in place to hide your email from harvesting bots while allowing your web site visitors to communicate with you.
- Do not use your business email address to sign up for promotions, drawings, or other marketing gimmicks.
  - Sharing your business email to sign up for anything free or for any special promotion is likely a method for a spammer to collect email addresses. Some of the signup emails or signup pages can even contain malware or viruses that immediately load on your computer.
- Do not open unfamiliar or suspicious emails; delete them.
  - When checking email, do not click on unfamiliar or suspicious emails or attachments. Instead, immediately delete them. Some suspicious emails, when clicked, can add your email address to a list or, even worse, install malware or a virus.
  - Also, be careful with unsubscribe links in certain emails. Although many unsubscribe links are legitimate, some unsubscribe links within suspicious or unfamiliar emails could contain links to further threats.
- Microsoft Exchange users should implement spam firewall services.
  - If you host your own Microsoft Exchange server, you need to implement a spam firewall service such as Barracuda. This type of service will help reduce spam emails arriving in your inbox.
- Web-based email users should only use legitimate email services rated high for security.
  - If you use web-based email for your business, make sure to only use a reputable service such as Outlook.com or Gmail that contains built-in security measures to help prevent spam and viruses.
- Restrict email usage.
  - Email usage should be for business purposes only and should be conducted by approved and secure email methods. Limit email usage to only select employees who will be responsible for following the proper protocols. Personal email on business systems should not be allowed.
- Be suspicious of email attachments.
  - Before opening an email attachment, verify that you recognize the sender, the name of the attachment, and the body of the email. If anything seems out of place, do not open the attachment. Delete it.
- Restrict web surfing.
  - Minimize the number of users in the office that are allowed to surf the internet. This can be accomplished by implementing and enforcing rules for usage. Only surf the web for business purposes, and only visit legitimate web sites.
  - Systems that do not need web browsing can have it disabled either through the computer settings or by changing the settings within the firewall.
  - Consider implementing web filtering services. These services can allow some web browsing to occur while filtering potentially dangerous sites or sites that waste employees' time and productivity.
  - The more systems with a web browser that is filtered or disabled, the safer the network will be.
  - Personal web browsing by employees should not be allowed on business computers. Although visiting social media sites and other personal web sites may be common, this is the leading cause of businesses acquiring viruses on the network. Make it the protocol that employees must surf the web on their own personal devices such as phones or tablets.
- Implement email encryption.
  - Before sending an email to a customer, patient, or colleague, consider encrypting the email so that it cannot be read or captured by a hacker while in transit. There are many third-party services that offer encryption.
  - Also, products such as Adobe Acrobat allow you to encrypt and password-protect a single document at a time. The document can then be attached to an email and sent. The recipient only needs to know the password to unlock the encryption and view the document once received. This is a basic and inexpensive method for encryption.
- Get rid of old email accounts if they receive too much spam and open new email accounts.
  - If your business is using an old email account that receives excessive spam and junk mail, maybe it is time to retire the old email address and create a new one. Be sure not to share the new email address with anyone except customers, patients, colleagues, or legitimate web sites for business purposes only. This may require updating or changing business cards, flyers, or your company web site.
- Do not allow employees to check personal email on business computers.
  - As far as personal email goes, there is a very simple protocol for employees to follow. Do not allow personal email to be checked on business computers. Employees should use their personal devices such as phones or personal tablets to check personal email.
- Do not allow employees to connect their personal devices such as phones or tablets to the business network.
  - Make sure that employees are not connecting their personal devices to the business network. The only exception would be if you have a secure firewall in place with a separate guest network. The guest network must be firewalled from the business network, never allowing communication between the two.
  - If you do not have this sort of secure and separate guest network, then do not allow personal devices to connect to the business network.
- Run updates on all systems on a regular basis.
  - Run Windows updates on a regular basis. Be sure to run these updates during business downtime and be prepared for the updates to take quite a bit of time to install. There could possibly be multiple reboots involved. Once completed, be sure to test all systems, test all database software, and test healthcare devices to make sure they are in good working condition before the next business day. Windows updates cannot protect against all possible attacks, but they can help to make your systems more secure.
- Make sure you have up-to-date antivirus software on all systems.
  - This includes all workstations and servers. Antivirus needs to be active and up-to-date. Although antivirus cannot protect against all possible attacks, it can help to keep your network safer by addressing possible viruses and malware.
- Be sure to always have a current backup of your data and an old backup of your data.
  - Each backup should be on separate, secure media. You should have multiple backup sets that represent multiple restore dates. Some backup sets should be new and some should be older. That way you will have more choices of dates to restore from. For example, one backup from yesterday, another backup from two days ago, another backup from three days ago, and a fourth backup from two weeks ago, and so on. The more backup sets that are available to choose from in a restore situation, the better the odds are of restoring the system to the best possible state in a disaster recovery scenario. Multiple backup media and multiple backup methods are encouraged.
Brad Royer
Dentrix Product Manager
Henry Schein Practice Solutions
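The backup tip above, as an added example that is not part of the original advisory: a short Python check that compares a list of backup sets against the restore dates suggested in the text (yesterday, two days, three days, two weeks) and flags restore dates that share one piece of media. The catalog format, media labels, dates, and thresholds are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def audit_backup_sets(catalog, today, recent_days=1, old_days=14, min_dates=4):
    """Return a list of findings; an empty list means the policy is met.

    catalog: list of (taken_on, media_label) tuples, one per backup set.
    Thresholds follow the example in the text; adjust them to your office.
    """
    findings = []
    # A backup dated in the future points to a bad clock or a bad label.
    usable = [(d, m) for d, m in catalog if d <= today]
    if len(usable) < len(catalog):
        findings.append(f"{len(catalog) - len(usable)} backup set(s) dated in the future")
    ages = sorted({(today - d).days for d, _ in usable})
    if not ages or ages[0] > recent_days:
        findings.append(f"no current backup from the last {recent_days} day(s)")
    if not ages or ages[-1] < old_days:
        findings.append(f"no older backup at least {old_days} days old")
    if len(ages) < min_dates:
        findings.append(f"only {len(ages)} restore date(s), want at least {min_dates}")
    # Each restore date should sit on its own media, so that losing one
    # drive or tape costs one restore point rather than all of them.
    dates_on = {}
    for d, m in usable:
        dates_on.setdefault(m, set()).add(d)
    for media, dates in sorted(dates_on.items()):
        if len(dates) > 1:
            findings.append(f"media {media!r} holds {len(dates)} restore dates")
    return findings

# Constructed sample data: dates and media labels are made up.
TODAY = date(2024, 3, 15)
GOOD = [(TODAY - timedelta(days=n), f"drive-{n}") for n in (1, 2, 3, 14)]
BAD = [(TODAY - timedelta(days=n), "drive-1") for n in (1, 2, 3)]

if __name__ == "__main__":
    for name, catalog in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_backup_sets(catalog, TODAY) or "policy met")
```

The second sample fails on three counts: nothing old enough to predate a slow-moving infection, too few restore dates, and every set on the same drive.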
Dayna loves her work. She has over 25 years of experience in the dental industry, and she’s passionate about building efficient, consistent, and secure practice management systems. Dayna knows that your entire day revolves around your practice management software—the better you learn to use it, the more productive and stress-free your office will be. In 2016, Dayna founded Novonee ™, The Premier Dentrix Community, to help cultivate Dentrix super-users all over the country. Learn more from Dayna at www.novonee.com and contact Dayna at dayna@novonee.com.