My job as a cybersecurity professional…

Written By Tasha Dickinson

My job as a cyber security professional is to put protections in place to prevent cyber crimes from occurring. Each layer of protection helps to reduce risk and allow users to work at a comfortable level and still be productive. It's a balance every day that we are constantly adjusting and improving.

In the dental world we work with people’s health and handle their protected information in order to do our job well. That data is at risk every time we are connected to the internet. We use email, software and tools that are connected to databases, or servers located elsewhere in the US or world. We upload all of our data into the cloud with cloud based practice management software, AI tools, and reporting software. Other practice management software may be connected to the internet to manage updates, letters, error reporting or any of the other plugins we integrate. It’s all difficult to protect.

If we were to lose that data in a breach through someone gaining access to one or more of our PCs, we could lose everything. With the average breach costing well over $250k we need to be aware of where the risk is and how to protect ourselves. And we need to balance that with getting jobs done.

In the cyber security world we cannot protect against everything at its source. Instead we weigh each risk against the likelihood of a breach and your need to use it in your everyday work. We also have to take into account what tools are going to be the most effective and how much each costs.

We start with assessing your network environment and what software you need to use. There are some basic protections we put into place in all environments. These tools have been shown time and time again to help prevent a majority of malware and balance user needs, tech friendliness and price.

Email phishing is how 80% of cyber incidents happen. And if you think you don't click, test it out here, even if you get them all correct, can you say the same about everyone in your organization? 20% of employees will still click on phishing emails. The sophistication of these is increasing every day. Email security is the number one way we can reduce general threats. In the past, general email security through gmail or outlook may have been enough. But threats are changing and an accidental download is no longer a small issue. Email security should be stepped up.

Basic updates, Windows security and vulnerabilities are one of the easiest and most important steps you can take to protect your network. If anyone gains access, through an accidental download or through a 3rd party software, it is imperative that your security patches are up to date. This is one of the easiest ways to make sure your systems, software and security run smoothly.

Antivirus used to be that stop gap between malware in emails and anything else we downloaded. Even when updated daily these still don’t stop new malware breeds until it's too late. New endpoint detection and response programs are able to combine an antivirus with an AI engine that looks for not only what is showing up in active threats today, but if anything within a PC is acting oddly or in a malicious way. You can find out more here.

One thing you don't want to forget is regular testing and active threat hunting. An IT professional can perform these steps and that could mean the difference between stopping an attack before it gains momentum and an all out disaster.

Threats change and so do we. Haven't taken a look recently? Ready for your annual or biannual check up? Give us a call and let us help you work safely and productively!

Tasha Dickinson
Previous

Password Management
Next

Prevention and Preparation