If the email looks phishy, go with your gut. It only takes one click to bring down your office systems. Take the time to secure your practice against cyber attack. As social engineering becomes more sophisticated, providers and their staffs need to defend against the mastery of these information-stealing thugs. Whether they enter through the front door or access your systems through online trickery, you need to protect your CEHRT, your patients, and your livelihood. “Criminals have gotten smarter and their tactics have evolved,” warns Michael Whitcomb, CEO of the IT security and regulatory compliance firm Loricca in Tampa, Fla. And it is essential to “train your employees to watch for emails that may contain tricks to access personal or professional information.” Take a look at this primer to address social engineering in your office: Reminder: “Education is low-hanging fruit — once a year is not enough to train your people,” stresses Larry Whiteside, Jr., vice president of healthcare and infrastructure for Optiv, a Denver-based cybersecurity solutions firm. Healthcare organizations “must emphasize cybersecurity education” for their employees to ensure that they understand how best to mitigate risks.