Threats Come from More Than Ghosts
Designated as National Cybersecurity Awareness Month, October serves as an ideal reminder to protect both your hardware and software from ongoing risks and newly developed threats. While cybersecurity became widely discussed in 2004 (when internet usage began to skyrocket), serious threats are at an all-time high today. Scammers find new ways each day to get the information they need from unsuspecting individuals and businesses to steal their money, clients, reputations, and even identities.
As a cloud software provider, we often hear cybersecurity questions, including:
- Is my data protected in the cloud?
- How do I make sure my practice and client data are safeguarded?
- What do software companies do to protect data in the cloud?
It’s up to each of us to take the steps necessary to protect ourselves and our businesses. Here are three tips you can implement this October to help keep your practice safe in cyberspace:
1. Secure your internet and Wi-Fi
Far too often, we see veterinary practices with Wi-Fi that is wide open—they have no antivirus or security (MacAfee, Norton, etc.) in place whatsoever. This is the first (and easiest) place to ensure you are protected.
2. Find out who is hosting and maintaining your cloud software
Regardless of the size of your practice, you deserve the best security possible. Be aware of who is hosting your cloud software and ensure that that service is reputable and secure. Also ensure that any of your add-on software or apps are using up-to-date industry standards.
Amazon Web Services and Microsoft Azure (NaVetor’s choice) are the two largest and most reputable web servers available today. Both are highly secure industry leaders, often used by government entities that require the highest level of security.
3. Set up and maintain user group permissions
Many veterinary practices utilize user group permissions for different staff members or roles, while others don’t feel the need. However, these permissions are an effective tool for increasing and maintaining security.
For example, in a practice with ten receptionists and two receptionist managers, it can be beneficial to give extra permissions only to the managers. They are the ones who are responsible for scheduling the other eight receptionists and balancing drawers at night. They may need access to more sensitive financial information than the receptionists do.
As another example, many practices have relief veterinarians who are not staff members but visit on select days of the week or month. They may need access to medical records but do not need access to inventory, accounting, pricing, and other features that contain sensitive information.
Most software platforms offer ways to control the information that different staff members can access. For example, in NaVetor’s Master List of User Groups, you can set unique permissions for any role that you have set up. This setting will regulate the staff members who have access to certain areas and those who don’t.
Areas that may be important to specify permissions include:
- SOAP and medical records, which impact patient health records.
- Treatment Sheets and Treatment Plans, which impact patient care.
- Scheduling on the appointment calendar, which impacts appointments being added and deleted.
We encourage practices to review these permissions periodically, specifically if there is high staff turnover, but also to address any other changing circumstances. In fact, we consider it a best practice to review permissions at least once a year for lower turnover practices and more often if turnover is higher. It’s also a good idea to review roles and permissions after new software releases come out, in case any new reports or features warrant select permissions.
Stay safe from all threats this October—not just Halloween ghosts and monsters. These tips will not only increase your cybersecurity awareness, but also help keep your practice safe.
Request a Demo
Inspired by what you’ve seen? Interested in seeing how NaVetor can work in your practice? Contact us to set up a personalized demonstration of the software.