The “Human” Firewall vs. the Traditional Firewall
You may be thinking to yourself, “Why would I need a ‘human’ firewall when I have this expensive firewall protecting my network?” Let’s first understand what a firewall does, and the scope of its capabilities. A firewall alone may not prevent a cyberattack or block all malicious code trying to get into your network. It is your exterior defense and is designed to allow or restrict certain types of information and connections. It has the capability of protecting you from many types of attacks, but it absolutely does not protect you from everything. So many practitioners live under a false sense of security, believing that their firewall protects them from all evil. The fact is, it does not. If firewalls and anti-virus software were the be-all and end-all, we would not have to worry about cyberattacks.
In order to protect your patient data, you must deploy a multi-layered approach to security. Alongside technologies like firewalls, anti-virus software, vulnerability scanning and penetration testing, a practice must implement cybersecurity awareness training for the doctors and team members (who are referred to as the “human” firewall). In fact, HIPAA guidelines, as well as some states, require that a cybersecurity awareness program be implemented by any covered entity (health care provider) and business associate. Properly educated staff can readily identify “red flags” in emails that are indicative of something not being “right.” In other words, maybe the email that you think is coming from another doctor is really a spear phishing attack trying to lure you or a staff member into clicking on something or giving up their username and password. There is no device in the world that is smart enough to detect something like that. Once the attack is detected, the team member can delete the email and take corrective action, ultimately blocking the attack.
Practices are constantly being targeted by hackers through phishing, spear phishing and social engineering attacks. If your staff is not aware and cannot readily identify these attacks, you will fall victim. It is not a matter of IF this will happen to you, but WHEN. You must be proactive. If you ignore what is really happening in the world we live in today, you will ultimately find yourself on the wrong side of the table. We have dealt with way too many practices that have been hit by cyberattacks, and none of them had trained their staff or implemented any type of cybersecurity defensive measures beyond a firewall and anti-virus software.
At Black Talon Security, our comprehensive approach to training is very different from that of most other companies. We put a heavy emphasis on training by offering a LIVE webinar that incorporates an interactive experience for you and your team. While most other companies offer compliance and awareness training through a recorded video, our approach engages your team by asking them questions and having them solve problems and think critically about possible ways the practice could be attacked. We all know what most people do with recorded training sessions: run the video, open a browser and do something else until the video ends. Box checked for the year! This is not effective training, but simply a waste of time and money.
Make sure you engage with a company like Black Talon Security that understands the dental space and provides the most effective cybersecurity awareness training available. It is time to take action NOW. The risk is too high to leave yourself unprotected and vulnerable to these relentless attacks.
Give us a call today to learn more about cybersecurity training for your staff. 800-683-3797.