Joseph Axne, Owner IT-Guru – Article Courtesy of SCVMA Pulse
The Veterinary Information Technology (IT) technical landscape is changing extremely fast! Internet, computer and network security for Veterinary Clinics and Hospitals has to be seriously looked at now that more and more veterinary practices are becoming dependent on technology. If you are paperless or thinking of going paperless or use a Practice Management System (software to run your business) a strategic and proactive approach to computer and net- work security is a must!
I hear things like, “What would a hacker want with my information?”, or “We are too small or don’t have anything that important that a hacker would want”, from some Veterinary Practice owners. The truth is, they want anything they can get their hands on and in fact now the recent trend is locking you out of your own data and making you pay a ransom to get your data back.
I stay active in the IT community by going to related trade shows and conferences. Recently, we were discussing the latest threats like ransomware and a question was asked to the 100+ IT professionals in the room. “Who has had to deal with this Ransomware threat? Every single person in that room raised their hand. That’s right; 100% of the IT pros in the room have seen this, so it’s here in a big way and getting worse every day.
Ransomware is now over 5 years old and within the last 3 years it has become more and more sophisticated. The bad guys/gals are figuring out ways around standard protections that IT professionals have traditionally put in place. It used to be easy to just purchase a piece of software like Antivirus and it would protect your computers and networks 99% of the time. But that isn’t the case anymore because the hackers have figured out ways around these protections.
So a layered approach to security is a must. Meaning there is no one solution that will fix the current and future internet threats. We have developed IT Standards of Care for Veterinary Clinics and Hospitals that if followed will dramatically reduce your risk, but as I tell all of our clients: nothing is 100% secure. As we continue to assist clinics and hospitals, here are the common things we are reviewing and discussing:
Backup and Disaster Recovery
This is the single most important thing that has to be in place and working correctly. We are seeing outdated methods of protection like tape drives or USB hard drive backups. If you are using this type of technology I highly encourage you to identify a solution that will provide you better results. Tape backup technology is OLD, slow, and not reliable. USB drives don’t provide the protection against Ransomware. A good backup solution should be backing up your important systems hourly during the day and create offsite replication of that data hourly to east and west coast (two different geographic locations) datacenters. The solution should allow you to get back up and running in minutes, not days! Review your backups and ask the following questions. How often are you backing up? How quickly can you get back up and running should your important system (server, dentistry workstation, x-ray system, etc.) fail? If fire, flood or theft occurred (Important systems are now gone) how would you recover and how long would it take?
Business Class Firewall
A Firewall is the gateway into and out of your net- work. We see many clinics and hospitals not having the proper protection of this gateway. Many times veterinary practices are only using their Internet Service Provider’s gear or something they purchased at Best Buy or Office Depot. Having systems behind a firewall is a must, but veterinary clinics and hospitals should use a Business Class device. These devices typically have a security subscription service and will inspect each and every data packet that goes in and out of your network, scanning for threats like malware, virus, etc. Business Class Firewalls can also provide two internet connections in cases where you really need to get to internet resources so you could have two redundant connections. These devices can also provide both public and private WIFI connections so your guest network doesn’t touch your private network.
Review your Firewall and ask the question, does it have some sort of security subscription? Is it currently active and setup correctly? Is it Business Class or something you pick up at a local office supply store or are you just using your Internet Service Provider’s firewall?
Antivirus, Anti-malware and Web security software
Yes, Antivirus is still needed, but an Anti-malware solution should also be used. Many Antivirus programs now include some sort of Malware protection and Web security protection. You can’t just have simple Antivirus because malware infects a machine much differently than virus does; and virus only protection won’t detect or stop malware. Also, web security is extremely important because all it takes today is going to a website like Yahoo. com and you may be exposed to risks. The bad guys/ gals are buying ads on major websites (Bing, Google, and Yahoo) and are using these ads that pop up warnings and messages trying to get you or your staff to click on something. Remember, if you ever get a prompt that says click Yes or No; No usually is just coded on the back end to mean “yes” and will infect you. So you have to have something in place to assist with human errors. Ask yourself, what Antivirus are you using on all your computers (should be the same and standardized across all systems)? What Anti-malware program are you using and what Web security do you have in place? Last, but most important, when was the last time it was updated because your Anti-virus/Anti-malware/Web protection software must be kept up to date!
Apple, Microsoft, Adobe, Java, Flash, Silverlight, Firefox, Chrome, Internet Explorer etc. have to be maintained and patched. Any software that interacts with the internet has to be kept up to date. Having older non-patched and out of date software and systems allows for hackers to penetrate that software and use that as a back door into your computer and networks. Windows XP is no longer supported by Microsoft so assuring your Operating System is on a supported platform that continues to get patches is also important. Review your systems and assure you are patching machines at least monthly but weekly is better. Ask yourself are your computers patched with latest security patches? Do you use any third party programs like Firefox, Chrome, Java, Flash etc. and are they the latest versions up to latest patch level?
These are to top 4 things you should review right now to see if you comply with today’s IT Standards of Care needed for Veterinary Clinics and Hospitals. We have many more IT Standards of Care, approximately 150+, which we review to assure that our clients are aligned to on a quarterly basis. These IT Standards of Care continue to change as the IT landscape changes. It’s going to get worse before it gets better. Protecting yourself is a must so you don’t fall victim and have to pay thousands of dollars to get your data back or have days of downtime for your Veterinary practice.
If you have any questions about protecting your Clinic or Hospital please contact – Joseph Axne @ 303-520-3733 x9010 or use our contact us form on our website.