Monday, July 27, 2015

Protect your livelihood and your computers from viruses

If you are like me and read up on the latest news in the dental industry and keep up on breaking stories, then you know that many dental practices have been violated recently by the CryptoWall or the CryptoLocker virus. This virus can be devastating to the practice and embarrassing to you and your team. My friend and Dentrix Product Manager, Brad Royer, wrote a great response to this topic in the Dental Town forum and I have his permission to share it with all of you.

These viruses do not just hold Dentrix for ransom, they hold your entire computer and other systems on the network ransom. They are known as ransomware. The most widely known example from a few years ago was called CryptoLocker (this particular version is almost eradicated); however, there have been many other copycats and other versions that have since been created.

Please see the following information on ways to prevent your office from being affected by this malware.

Security Tips for Small Businesses Regarding Internet and Email Usage

The following information provides tips for small businesses to follow in order to help avoid potential data compromise due to cyber threats from the internet while browsing the web or using email.

Email spam or junk mail is usually unsolicited email that is sent to a large number of recipients. These emails are usually irrelevant or inappropriate and may contain malware or viruses that can infect your computer. And in some cases, they could infect an entire network of computers. All one has to do is open up an unfamiliar or suspicious email and a virus can then immediately load on your computer.

The same goes for visiting certain web sites that contain malware or viruses. Simply visiting a popular social media site and then clicking an advertisement could result in a virus being installed on your computer. Spam, junk mail, viruses, and malware could lead to data loss, data breach, damage to systems, and high replacement and repair expenses. However, most of these threats can be avoided by educating your staff and implementing some basic protocols.

Security Tips

  • Do not share your business email accounts except with customers, patients, and colleagues.
    • In most cases, in order to receive malicious emails, spammers first need to know your email address. Therefore, it is recommended that your business email addresses not be shared with anyone except your patients, your customers, and your colleagues.
    • Sometimes it is necessary to use your business email to sign on to a web site. Be sure that if you use your business email address on a web site, only use it on a legitimate web site that you are familiar with. And make sure that this usage is for business purposes only. Unfortunately, even legitimate web sites will often share your email address with third-parties. However, the more you can reduce the exposure of your business email addresses to the web, the safer your email will be.
  • Do not post your business email account on the public internet such as posting on your business web site or on forums.
    • Harvesting bots are special software designed to obtain email addresses from public data on the web. Once emails are harvested, the emails are then added to lists for sending spam emails and other threats. In order to help avoid having your business email address harvested it is a good idea to not post your business email address on your company web site or on a web forum for the public to see. Also, make sure that your email address does not show up in your signature on a forum or as a link within a guest book. If the public can see your email address, then it is likely that a harvesting bot can see it also.
    • Make sure that your company web site has some sort of security method in place to hide your email from harvesting bots while allowing your web site visitors to communicate with you.
  • Do not use your business email address to sign up for promotions, drawings, or other marketing gimmicks.
    • Sharing your business email to sign up for anything free or for any special promotion is likely a method for a spammer to collect email addresses. Some of the signup emails or signup pages can even contain malware or viruses that immediately load on your computer.
  • Do not open unfamiliar or suspicious emails; delete them.
    • When checking email, do not click on unfamiliar or suspicious emails or attachments. Instead, immediately delete them. Some suspicious emails when clicked can add your email address to a list, or even worse, install malware or a virus.
    • Also, be careful with unsubscribe links in certain emails. Although many unsubscribe links are legitimate, some unsubscribe links within suspicious or unfamiliar emails could contain links to further threats.
  • Microsoft Exchange users should implement SPAM Firewall services.
    • If you host your own Microsoft Exchange server, you need to implement a Spam Firewall service such as Barracuda. This type of service will help reduce spam emails arriving in your inbox.
  • Web based email users, only use legitimate email services rated high for security.
    • If you use web based email for your business, make sure to only use a reputable service such as or Gmail that contain built in security measures to help prevent spam and viruses.
  • Restrict email usage.
    • Email usage should be for business purposes only and should be conducted by approved and secure email methods. Limit email usage to only select employees who will be responsible for following the proper protocols. Personal email on business systems should not be allowed.
  • Be suspicious of email attachments.
    • Before opening an email attachment verify that you recognize the sender, the name of the attachment, and the body of the email. If anything seems out of place do not open the attachment. Delete.
  • Restrict web surfing.
    • Minimize the number of users in the office that are allowed to surf the internet. This can be accomplished by implementing and enforcing rules for usage. Only surf the web for business purposes while only visiting legitimate web sites.
    • Systems that do not need web browsing can have the web browsing disabled either through the computer settings or by changing the settings within the firewall.
    • Perhaps implement web filtering services. These services can allow some web browsing to occur while filtering potentially dangerous sites or sites that waste time and productivity of employees.
    • The more systems with a web browser that is filtered or disabled, the safer the network will be.
    • Personal web browsing by employees should not be allowed on business computers. Although visiting social media sites and other personal web sites may be common, this is the leading cause for businesses acquiring viruses on the network. Make it the protocol that employees must web surf on their own personal devices such as phones or tablets.
  • Implement email encryption.
    • Before sending an email to a customer, patient, or colleague, consider encrypting the email so that it cannot be read or captured by a hacker while in transit. There are many third-party services that offer encryption.
    • Also, products such as Adobe Acrobat allow one to encrypt a single document at a time that is password protected. The document can then be attached to an email and then sent. The recipient only needs to know a password to unlock the encryption and then view the documents once received. This is a basic and inexpensive method for encryption.
  • Get rid of old email accounts if they receive too much spam and open new email accounts.
    • If your business is using an old email account that receives excessive SPAM and junk mail, maybe it is time to retire the old email address and create a new one. Be sure to not share the new email address with anyone except customers, patients, colleagues, or legitimate web sites for business purposes only. This may require updating or changing business cards, flyers, or your company web site.
  • Do not allow employees to check personal email on business computers.
    • As far as personal email goes, there is a very simple protocol for employees to follow. Do not allow personal email to be checked on business computers. Employees should use their personal devices such as phones or personal tablets to check personal email.
  • Do not allow employees to connect their personal devices such as phones or tablets to the business network.
    • Make sure that employees are not connecting their personal devices to the business network. The only exception would be if you have a secure firewall in place with a separate guest network. The guest network must be firewalled from the business network, never allowing communication between the two.
    • If you do not have this sort of secure and separate guest network, then do not allow personal devices to connect to the business network.
  • Run updates on all systems on a regular basis.
    • Run Windows updates on a regular basis. Be sure to run these updates during business downtime and be prepared for the updates to take quite a bit of time to install. There could possibly be multiple reboots involved. Once completed, be sure to test all systems, test all database software, and test healthcare devices to make sure they are in good working condition before the next business day. Windows updates cannot protect against all possible attacks, but they can help to make your systems more secure.
  • Make sure you have up-to-date antivirus software on all systems.
    • This includes all workstations and servers. Antivirus needs to be active and up-to-date. Although antivirus cannot protect against all possible attacks, it can help to keep your network safer by addressing possible viruses and malware.
  • Be sure to always have a current backup of your data and an old backup of your data.
    • Each backup should be on separate, secure media. You should have multiple backup sets that represent multiple restore dates. Some backup sets should be new and some should be older. That way you will have more choices of dates to restore from. For example, one backup from yesterday, another backup from two days ago, another backup from three days ago, and a fourth backup from two weeks ago, etcetera. The more backup sets that are available to choose from in a restore situation the better the odds are of restoring the system to the best possible state in a disaster recovery scenario. Multiple backup media and multiple backup methods are encouraged.

Brad Royer
Dentrix Product Manager
Henry Schein Practice Solutions
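
The backup rotation in the last tip above can be checked mechanically against an inventory of backup sets. The following is an added example, not part of Brad Royer's post and not Dentrix tooling; the inventory format, the media labels, and reading "two weeks ago" as "at least 14 days old" are assumptions.

```python
from collections import Counter
from datetime import date

# Restore points from the tip's own example: yesterday, two days ago, three
# days ago. Treating "two weeks ago" as "at least 14 days old" is an assumption.
RECENT_AGES_DAYS = (1, 2, 3)
OLD_MIN_AGE_DAYS = 14


def audit_backup_sets(backup_sets, today):
    """Check (media_label, backup_date) tuples against the rotation in the tip.

    Returns a list of findings; an empty list means the rotation is satisfied.
    """
    findings = []
    ages = set()
    for media, taken in backup_sets:
        age = (today - taken).days
        if age < 0:
            findings.append(f"{media}: backup date {taken} is in the future")
            continue
        ages.add(age)

    # One restore point per recent day, plus at least one older set.
    for age in RECENT_AGES_DAYS:
        if age not in ages:
            findings.append(f"no restore point from {age} day(s) ago")
    if not any(age >= OLD_MIN_AGE_DAYS for age in ages):
        findings.append(f"no restore point at least {OLD_MIN_AGE_DAYS} days old")

    # "Each backup should be on separate, secure media."
    per_media = Counter(media for media, _ in backup_sets)
    for media, count in sorted(per_media.items()):
        if count > 1:
            findings.append(f"{media}: holds {count} backup sets, expected 1")
    return findings


# Constructed sample inventories (media labels and dates are made up).
TODAY = date(2015, 7, 27)
GOOD = [("usb-A", date(2015, 7, 26)), ("usb-B", date(2015, 7, 25)),
        ("usb-C", date(2015, 7, 24)), ("offsite-1", date(2015, 7, 13))]
# Two sets share one drive, and the oldest restore point is only 3 days back.
WEAK = [("usb-A", date(2015, 7, 26)), ("usb-A", date(2015, 7, 25)),
        ("usb-C", date(2015, 7, 24))]

if __name__ == "__main__":
    for name, inventory in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_backup_sets(inventory, TODAY) or "rotation satisfied")
```
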


Dayna Johnson, Certified Dentrix Trainer
Dayna loves her work. She has over 25 years of experience in the dental industry, and she’s passionate about building efficient, consistent, and secure practice management systems. Dayna knows that your entire day revolves around your practice management software—the better you learn to use it, the more productive and stress-free your office will be. In 2016, Dayna founded Novonee ™, The Premier Dentrix Community, to help cultivate Dentrix super-users all over the country. Learn more from Dayna at and contact Dayna at
