Practice Management Alert

Tech Tool:

Frequent Password Changes Provide Bulwark Against Cyber-Siege

E-mail from Russell Crowe? Something's probably not right

Think your employees know how to stop an Internet scam in its tracks? Think again.
 
You must educate your staff members on how to react to even the simplest virus or hoax, or you risk leaking your patients' protected health information (PHI) to hackers and identity thieves.
 
Strategy: Distribute a "Do's and Don'ts" tip sheet similar to the one below to all your regular e-mail or Web users, says Elisabeth Derwin, an information technology specialist with Bennet Health System in San Francisco. Tell them to refer to the sheet each time they spot a suspicious e-mail or are contacted by companies claiming to need personal data.
 
Bonus: You can also hand this sheet out to your patients who request that you contact them through e-mail. If you host a Web site, post the list prominently so that anyone visiting your site can easily see your Internet security policies:

INTERNET SAFETY DO's and DON'Ts

1. If you don't recognize the sender, don't open the e-mail or attachments. Before you open the attachment, try to determine if it's legitimate by scanning the e-mail. Does it contain a phone number you can call to double-check that the attachment is not a virus? If a friend or co-worker sent the attachment, call or e-mail that person to make sure he meant you to receive the file. But if the body of the e-mail is empty or contains text that makes no sense to you, your best bet is to delete the e-mail without opening the attachment.
 
When in doubt, check for these common signs of an e-mail virus:
 
- The e-mail's subject line is suspicious (e.g., "iloveyou," "Russell Crowe" or "Anna Kournikova").
 
- It was sent in the middle of the night, or there are multiple messages containing attachments from the same sender.
 
2. Do use hard-to-guess, frequently changed passwords. The strongest passwords mix uppercase, lowercase, numbers and symbols to create a code not found in the dictionary (e.g., gu2@VW05). You can also build your passwords from slogans or phrases that you encounter every day. Best: Think of a phrase or your favorite song lyric. Then shorten the line to the first letters of each word to come up with your password. Remember to swap out at least one letter for a number and one letter for a symbol, and make at least one letter uppercase.
 
Example: You can shorten "All the world needs is love" to "ATWNIL." Then swap out a few characters to create "@TWN1L." Next make some of those letters lowercase: "@tWn1L." Now you'll need to add two characters to lengthen the code to eight characters: "&@tWn1L&."

Make your passwords at least eight characters long.
 
And you should create multiple passwords for each site that requires you to log in.
 
3. Disconnect when you're through. The Internet sends and receives information the entire time you are connected to it. By disconnecting when you're not using the Internet, you lessen the chance you'll receive something malicious.
 
4. Don't use the "Unsubscribe" feature on spam e-mails. Spammers have no clue how many of the e-mail addresses on their lists are valid. But as soon as you send an "Unsubscribe" reply to their message or go to their Web site to unsubscribe, you've confirmed that your e-mail address works.
 
That means they'll just keep on spamming you. And any of those spam e-mails could be the one that contains a virus.
 
5. Don't reply to e-mails asking for your credit card number or other personal information. Phishing is a high-tech scam that deceives consumers into sharing their confidential information.

Common scenario: You receive an e-mail that looks like it's from a trusted organization, such as your community hospital or bank.
 
The e-mail asks you to update your information by clicking on an embedded link.
 
Strategy: Beat data thieves at their own game by deleting these e-mails immediately and then calling the institution the e-mail claimed to come from.
 
Never share your financial or other confidential information via e-mail -- even if you are positive the sender is legitimate.