By Robert McDermott; President/CEO, iCoreConnectEmail is so familiar, we can get lax on its use. It’s easy and accessible, and with mobile devices and laptops, even more so. But that’s also what makes it a security risk.
Without proper Email security, your practice faces multiple threats.
Email is remarkably vulnerable to unauthorized access as well as phishing attacks, malware, and dangerous spam. In short, email security cannot be overlooked. Keep in mind, email security is a pretty large umbrella term that covers the security measures and mechanisms designed to protect email accounts–as well as communication, content, and transmissions.
HIPAA Non-Compliance
Intercepted emails or unauthorized access can create significant problems for your dental practice. To maintain HIPAA compliance, you must ensure that all communications related to your patients which may include personally identifiable information (PII), protected health information (PHI), or electronic health records (EHR) are protected. That means your email should be encrypted end-to-end to protect that information and ensure HIPAA compliance. When it comes to sending this kind of data, you also want to limit access to intended recipients and authorized users.
Phishing Attacks
While being able to receive emails from anyone was always the intention of email, an open inbox, these days, means not just tons of spam email, but phishing attempts. Phishing attempts have grown more sophisticated, with fake emails looking more convincing than ever. In phishing attacks, malicious actors attempt to get users to download malware, visit external sites, or reveal credentials that provide access to your network. Often phishing attempts replicate the look and feel of emails from known vendors or partners, so users let their guard down and take the action requested in the email. Once the user has taken the desired action, your network is open and vulnerable to attacks and data theft.
Phishing attacks may then also be responsible for ransomware attacks which either lock access to your network or your data until a ransom is paid.
Business Email Compromise Attacks
Whereas phishing attacks and spoofed emails may come from a variety of sources, BEC attacks come from your bank, lenders, or vendor. Instead of directing you to a download, a link, or other, they instruct you to deposit or wire funds into an account, seemingly for a legitimate business expense or purpose. Much like phishing attacks, BEC attacks have also become more sophisticated and have developed ways to solicit and gain employee PHI including W-2s or other tax information which can reveal social security numbers and more.
Weak Passwords
Given that both medical and dental practices are known targets for hackers with the threats increasing, weak passwords make your network vulnerable to attacks. Weak passwords include anything that may be easily guessed by a human or computer, is overused or a duplicate password, or one that includes public information.
Spam
While not always a security threat (unless it’s also a phishing attempt), spam can still threaten your dental practice. Unwanted and unsolicited emails, as many of you have likely experienced in your personal inbox, can disrupt productivity and workflow. Additionally, spam emails may prevent your team from seeing and responding to patient, vendor, or partner emails in a timely manner.
These two factors contribute to your email vulnerability.
Email security is largely seen as low priority.
When it comes to cybersecurity and dental practices, the truth is that it’s often overlooked. And, when considering security measures, email security is often considered a low priority despite the fact that it may be one of your biggest vulnerabilities.
Malicious actors and hackers are well aware that it’s the easiest way to gain access to your network. Often, medical and dental practices are using a standard email without configuring it with a security mindset. That means spam and phishing efforts can reach your inbox and staff.
Human Action
From clicking “send” on an email without considering what files are attached or who the recipient might be to clicking on links without investigating the veracity of the sender, human error is the cause of nearly 95% of cyber breaches and one of the most significant variables in the security space.
This holds true for password protections, as well. No matter how often we’re told to create complicated passwords, use whole sentences, and change them regularly, many of us still rely on the same handful of passwords and pet names we’ve been using for years.
What can you do?
The potential exists to protect your inboxes and prevent them from ever receiving spam emails or phishing attempts, to ensure you’re HIPAA compliant with end-to-end encryption and secure transmissions, and to safely send files of any size to referral partners and providers.
TDA Perks Program-endorsed iCoreExchange is a HIPAA-compliant, encrypted, email service. The secure, cloud-based email enables you to send unlimited attachments and includes a built-in referral network.