Cyber Security Series: Knowledge is protection
Part 3: Security isn’t all virtual – spot the physical risks
As much as we would like to believe that no one affiliated with our businesses would ever do intentional harm, employees can be misguided rather than malicious and still become a threat. Forgetting to secure something can lead to the same result as deliberate damage. Make sure you have strict, straightforward security procedures that others can easily follow, so potential mistakes are avoided, and ensure they’re included in your Employee Handbook.
If you have vendors or contractors you deal with in your building, watch for unusual hours or requests for access to areas that house restricted information. Be wary of anything that seems suspicious – even if you think you may be overreacting. It’s OK to trust but always keep security in mind and never share access or passwords with others.
Policies are important to protect your practice, patients, your data and your reputation. Keep a clean physical environment, lock up sensitive information and password-protect and encrypt important digital files.
Physical security in a tightly wound world
As a physician whose building is open to members of the community for appointments, it’s important to ensure privacy is maintained for off-limits areas that may or may not be under lock and key. Make sure staff members recognize suspicious actions and don’t allow people to follow them in before or after hours.
Keeping a clean desk helps ensure everything is organized and sensitive files that need to be accessible can be locked away but stay close at hand. Intruders or opportunists can’t snatch what they don’t have easy access to.
Tricks by criminals classified as ‘social engineers’ often include pretending to be delivery people or others who may have reason to be in the building, when their intentions are actually to steal information or objects. The safest policy inside the practice is locking down devices when not in use. Never leave an unsecured device unattended. Encrypting files on every phone, tablet or laptop can help ensure the files are safe even if someone does manage to steal the device.
Documents that are no longer required and that contain patient-identifiable information should be destroyed regularly. Again, calendar reminders are helpful for this, or you can decide that by Friday noon, everything that needs shredding has been shredded. Electronic files, such as older dictations that you have already transferred to your trusted online medical transcription service, should also be destroyed regularly. This goes for obsolete computers too.
When it comes to people, including patients, it’s important to be cautious but not cold. Your diligence in keeping a clean and safe space will ensure private materials stay that way.
2Ascribe Inc. is a medical transcription services agency located in Toronto, Ontario, Canada, providing medical transcription services to physicians, clinics, and other healthcare providers across Canada. Our medical transcriptionists take pride in the quality of your transcribed documents. WEBshuttle is our client interface portal for document management. 2Ascribe continues to implement and develop technology to assist and improve the transcription process for physicians and other healthcare providers, and recently introduced AUTOfax. AUTOfax works within WEBshuttle to automatically send faxes to referring physicians when a document is signed off by the healthcare professional. As a service to our clients and the healthcare industry, 2Ascribe offers articles of interest to physicians and other healthcare professionals, medical transcriptionists, and office staff, as well as of general interest. Additional articles may be found at http://www.2ascribe.com.