If you think that Canada won’t be impacted by the Russian attack on Ukraine, you are sadly mistaken. I clearly don’t want to downplay the horror of this situation. As I watch the attack unfold in the news, my heart goes out to the Ukrainian people who have been displaced and to the innocent lives lost. However, while the front line of this battle is on the other side of the globe, the fallout will be widespread. I’m not going to delve into the financial impact of price increases on consumer products. This post will focus on the potential increase in cyber-threats against Canadian businesses due to this terrible situation.
There is a battle taking place in the virtual world where Russian-sponsored bad actors are attempting to cripple the Ukrainian economy. We need to understand that the tools and tactics being used for cyber warfare may ultimately be seen by western businesses. Whether the attacks are retaliatory against Western/NATO countries or simply collateral damage, the risk is high. In fact, many government organizations, such as the Canadian Cyber Spy Agency, are warning of an imminent attack on government agencies, healthcare, financial, and critical infrastructure entities here in Canada.
Are you prepared?
Please do not develop a false sense of security thinking that your IT providers are effectively managing your cybersecurity needs. While EMR providers may secure access and data within the EMR system, their protection ends there. You are responsible for the PCs and servers located within your clinic. Hackers will focus on taking control of these systems as an entry point to access patient data.
What should you do to protect your business and patients?
It truly does come down to following best-practice cybersecurity methodology. I appreciate that your clinic may not have the resources to implement a thorough cybersecurity program. That’s ok. By addressing these areas, you will dramatically reduce your risk.
- Increase awareness. Now is the time to speak to your employees and discuss the increased risk to patient data and business operations. Ideally, deploy cybersecurity awareness training that teaches them what to look for so that they can avoid a phishing attack. Employees get attacked far more often than computer systems. Teach them how to protect the business.
- Email protection. Email is the most popular mechanism to attack an organization. Over 90% of attacks are delivered via email. Solutions are available to scan all incoming emails for malicious content, drastically reducing the onus on the employee to spot dangerous emails in their inbox.
- Patching. Attackers attempt to deploy tools on computers that can exploit a vulnerability in the software already installed. The reality is that most software is very complex and “weak code” is present. For this reason, software companies constantly develop and provide updates/patches. By installing these patches regularly, you reduce the risk that an attacker can find known vulnerabilities.
- Strong passwords. Passwords are the “keys to the front door”. Practicing good password hygiene is essential (see https://securesolutionsnow.com/password-hygiene/) to prevent hackers from accessing key systems and data (personal and patient).
- Desktop Protection. Considered your last line of defense, today’s next-generation anti-malware solutions include Endpoint Detection and Response, which will detect, protect against, and automatically address known viruses and activities used by hackers to compromise systems.
While there are several other key controls you should consider and implement, mastering these five will reduce your clinic’s exposure and risk. If this is all a foreign language to you, it is time to work with an IT service company that has expertise in cybersecurity.
If you have any questions or need some help improving your cybersecurity, please contact me at firstname.lastname@example.org