In healthcare, a breach is especially disconcerting because a patient record is a dense collection of personal identity data: the intruder's brass ring. A date of birth and social security number together open many other doors, and the Internet already holds enough personal data for a hacker to piece together a detailed identity. Don't be so willing to make personal details public and, more importantly, stop clicking links from unknown sources. Those links lead to malware, to pages that steal usernames and passwords, or to key-loggers that capture account numbers and make matters worse.
Is there usually someone to blame when a breach occurs? Is it the employee, management or a contractor? If the realization, sadly only after a breach, that best practices are needed to prevent cybersecurity breaches doesn't finally get your attention, then in my opinion it is management's fault. Not many companies take a proactive stance and implement cybersecurity best practices to prevent such unnecessary breaches.
However, employees in healthcare are not techies. Most are not able to easily spot "red flags" even after training has, so to speak, given them the answers to the test. Does lacking the knowledge mean they are exempt from trying? No, of course not, but you are expecting a lot of real-time analysis from a very time-constrained employee. The techies in the company are hopefully more likely to spot or question attachments and links as phishing attempts, but they are usually not targeted as much as the CEO and other lucrative departments. So how does a targeted non-techie constantly assess the risk and prevent cybersecurity breaches?
The first line of defense for preventing cybersecurity breaches is offense.
Administrators, here is the low-hanging fruit: tighten your monitoring and authentication controls. As a first step, if not already in place, put password expiration and a stronger password policy into practice (note that current NIST guidance, SP 800-63B, recommends screening passwords against breached-password lists and forcing a change on evidence of compromise rather than routine expiration). Next, make sure accounts are locked out after a few failed attempts. I know, this may increase help desk calls, but you can reduce the impact if you have implemented self-service unlock and reset features so that employees can recover on their own.
The next approach to consider is refining web filtering to block bad traffic before it reaches your users. Add known-bad domains to a blacklist or, the inverse, add only safe domains to a whitelist. Block domains from specific geographic locations based on the country-code suffix. Preventing access to suspicious web pages reduces your risk right out of the gate. Another obvious block is any URL whose host is a bare IP address rather than a registered domain name; such links have no association with a registered domain and should be considered highly suspect.
Block, or at least warn the user about, an impending strike: for instance, a web page that points to an executable file which will be installed on the operating system, or a link to a site impersonating a well-known brand that fools the user into entering a username and password, which the attacker then captures.
There are many other checks to add, such as restricting logins by time of day, especially during the wee hours of the morning when the office is clearly not open for business. Unfortunately the attack runs in both directions: if a username and password have been handed to a fraudulent site, keep the bad guy from using them by requiring multi-factor authentication.
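The lockout, time-of-day and failed-attempt checks described above, as an added example that is not part of the original post: a small Python policy that consumes authentication events. The log format (`timestamp src_ip account OK|FAIL`), the thresholds, the assumed office hours and the sample events are all constructed for illustration. It also counts distinct accounts failed from one source address, because an attacker who knows the per-account lockout threshold can spray one password across many accounts and stay under it.

```python
"""Lockout, password-spray and time-of-day checks over authentication events.

Added example, not code from the original post. The log format, thresholds,
business hours and the sample events are assumptions made for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, time, timedelta

LOCKOUT_THRESHOLD = 5                        # failures per account in the window
LOCKOUT_WINDOW = timedelta(minutes=15)
LOCKOUT_DURATION = timedelta(minutes=30)
SPRAY_THRESHOLD = 10                         # distinct accounts failed from one IP
BUSINESS_HOURS = (time(6, 0), time(20, 0))   # assumed local office hours


class LoginPolicy:
    def __init__(self):
        self.failures = defaultdict(deque)   # account -> recent failure times
        self.locked_until = {}               # account -> when the lock expires
        self.spray = defaultdict(dict)       # src_ip -> {account: last failure}
        self.blocked_ips = set()
        self.alerts = []

    def _recent_failures(self, account, now):
        q = self.failures[account]
        while q and now - q[0] > LOCKOUT_WINDOW:
            q.popleft()                      # drop failures outside the window
        return q

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        return until is not None and now < until

    def in_business_hours(self, now):
        start, end = BUSINESS_HOURS
        return start <= now.time() < end

    def decide(self, now, src_ip, account, password_ok):
        """Decision for one attempt: ok, fail, locked, off-hours, spray or blocked-ip."""
        if src_ip in self.blocked_ips:
            return "blocked-ip"
        if self.is_locked(account, now):
            return "locked"                  # even a correct password is refused
        if not self.in_business_hours(now):
            self.alerts.append(f"{now} off-hours attempt on {account} from {src_ip}")
            return "off-hours"
        if password_ok:
            self.failures[account].clear()
            return "ok"
        # Per-account counter: classic brute force against one user.
        q = self._recent_failures(account, now)
        q.append(now)
        if len(q) >= LOCKOUT_THRESHOLD:
            self.locked_until[account] = now + LOCKOUT_DURATION
            self.alerts.append(f"{now} locked {account} after {len(q)} failures")
            return "locked"
        # Per-source counter: spraying stays under the per-account threshold by
        # trying one password across many accounts, so count distinct accounts
        # failed from the same IP inside the window.
        self.spray[src_ip][account] = now
        distinct = [a for a, t in self.spray[src_ip].items() if now - t <= LOCKOUT_WINDOW]
        if len(distinct) >= SPRAY_THRESHOLD:
            self.blocked_ips.add(src_ip)
            self.alerts.append(f"{now} password spray from {src_ip}: {len(distinct)} accounts")
            return "spray"
        return "fail"


def process_log(lines):
    """Feed 'timestamp src_ip account OK|FAIL' lines through the policy."""
    policy = LoginPolicy()
    decisions = []
    for line in lines:
        ts, src_ip, account, result = line.split()
        decisions.append(policy.decide(datetime.fromisoformat(ts), src_ip, account, result == "OK"))
    return decisions, policy.alerts


# Constructed sample events, not real log data.
SAMPLE_LOG = [
    "2024-03-12T03:10:00 192.0.2.9 asmith OK",      # valid credentials at 3 a.m.
    "2024-03-12T09:00:01 198.51.100.4 jdoe FAIL",
    "2024-03-12T09:00:10 198.51.100.4 jdoe FAIL",
    "2024-03-12T09:00:20 198.51.100.4 jdoe FAIL",
    "2024-03-12T09:00:30 198.51.100.4 jdoe FAIL",
    "2024-03-12T09:00:40 198.51.100.4 jdoe FAIL",   # fifth failure: lockout
    "2024-03-12T09:01:00 198.51.100.4 jdoe OK",     # right password, still locked
] + [f"2024-03-12T10:{i:02d}:00 203.0.113.7 user{i:02d} FAIL" for i in range(12)]

if __name__ == "__main__":
    decisions, alerts = process_log(SAMPLE_LOG)
    for line, decision in zip(SAMPLE_LOG, decisions):
        print(f"{decision:10} {line}")
    print("\n".join(alerts))
```

Note the trade-off the lockout creates: anyone who knows the usernames can deliberately lock staff out, so alert on lockouts and keep the self-service unlock path working rather than relying on lockout alone. Multi-factor authentication is not modelled here; it is the control that makes a sprayed or phished password insufficient on its own.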
How does a non-techie spot “red flags”?
Education is a good next step. Train employees to identify targeted phishing attempts before clicking a link. Hovering the mouse over a link shows the real URL before it is clicked, which is the chance to inspect it. Here are some ways to investigate a URL and identify potential red flags:
- Does a URL parameter contain your email address? Phishing pages commonly pass your email address as a parameter so the fraudulent software can identify you. However, your email may legitimately be present when an application sends a message asking you to confirm your address. If that is the case, and the link does not fail the other checks below, it can be considered lower risk.
- The URL points to a domain unrelated to where you expect to go. For instance, a hacker hijacks a flower shop's website and uses it to host the fraudulent page, while you think you are going to Office 365, DocuSign or another popular app.
- Does the domain name contain a misspelling of the site it impersonates? Example: "offfice365.com" contains an extra "f" in "office"; a lookalike domain of this kind is a typical fraudulent site.
- A common technique for disguising a fraudulent website is to hide it behind a URL shortener such as http://tinyurl.com. If the link you see is a shortened one, beware: the real destination is not visible until you click.
- Does the domain end in a country code you are not expecting? Don't be eager to click on a site hosted outside your country until you are fully confident about it. Search the domain, including the country code, in quotes on Google and see what the organic results reveal.
- Does the URL contain a CGI script reference? Common Gateway Interface (a /cgi-bin/ path or a .cgi file) indicates that a server-side script or program will execute. This approach is old school, so I would place it in the higher-risk category.
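The administrator's web-filter rules (blacklist, whitelist, country-code suffix, bare IP host) and the user-side red flags in the list above, combined into one added Python example that is not part of the original post. The allow and block lists, the brand table of legitimate domains, the set of expected country codes, the shortener list and the sample URLs are assumptions chosen for illustration, and `registrable_domain()` approximates the public suffix list instead of loading it.

```python
"""URL red-flag scoring for the web-filter and user-side checks above.

Added example, not code from the original post. Lists, brand table,
expected country codes and sample URLs are assumptions made for
illustration; registrable_domain() approximates the public suffix list.
"""
import ipaddress
import re
from urllib.parse import unquote, urlparse

ALLOWLIST = {"office.com", "microsoft.com"}            # assumed whitelist
BLOCKLIST = {"evil.example"}                           # assumed blacklist
EXPECTED_CCTLDS = {"us", "ca"}                         # assumed: where the business operates
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}         # destination hidden until clicked
# Brand keyword -> registrable domains assumed legitimate for that brand.
BRANDS = {
    "office365": {"office.com", "office365.com", "microsoft.com"},
    "docusign": {"docusign.com", "docusign.net"},
}
EMAIL_RE = re.compile(r"[^@\s/?&=]+@[^@\s/?&=]+\.[a-z]{2,}", re.I)


def levenshtein(a, b):
    """Edit distance; catches lookalikes that differ by one or two characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Approximation: 'www.office.com' -> 'office.com', 'a.b.co.uk' -> 'b.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in {"co", "com", "org", "net", "ac", "gov"}:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def assess_url(url, allowlist=ALLOWLIST, blocklist=BLOCKLIST):
    """Return (verdict, reasons): verdict is 'block', 'warn' or 'allow'."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    path = unquote(p.path).lower()
    reasons = []
    if not host:
        return "block", [("high", "no host in URL")]
    reg = None
    if is_ip_literal(host):
        reasons.append(("high", "host is a bare IP address with no registered domain"))
    else:
        reg = registrable_domain(host)
        if reg in blocklist:
            return "block", [("high", f"{reg} is on the blocklist")]
        if reg in allowlist:
            return "allow", []
        tld = reg.rsplit(".", 1)[-1]
        if len(tld) == 2 and tld not in EXPECTED_CCTLDS:
            reasons.append(("medium", f"unexpected country-code TLD .{tld}"))
        if reg in SHORTENERS:
            reasons.append(("medium", f"{reg} is a URL shortener; the destination is hidden"))
    for brand, legit in BRANDS.items():
        if reg in legit:
            continue                      # the brand's own domain, nothing to flag
        if reg and levenshtein(reg.split(".")[0], brand) <= 2:
            reasons.append(("high", f"{reg} is a misspelled lookalike of {brand}"))
        elif brand in host or brand in path:
            reasons.append(("medium", f"{brand} named on a site that is not {brand}'s"))
    if EMAIL_RE.search(unquote(p.query)):
        reasons.append(("low", "email address passed as a URL parameter"))
    if "/cgi-bin/" in path or path.endswith(".cgi"):
        reasons.append(("medium", "CGI script reference in path"))
    levels = {level for level, _ in reasons}
    verdict = "block" if "high" in levels else "warn" if "medium" in levels else "allow"
    return verdict, reasons


# Constructed sample links, not observed phishing URLs.
SAMPLE_URLS = [
    "https://www.office.com/login",
    "http://offfice365.com/login?user=jdoe%40example.org",
    "http://203.0.113.5/docusign/cgi-bin/sign.cgi",
    "http://tinyurl.com/abc123",
    "https://flowershop.example.ru/docusign/",
    "https://docusign.net/sign?email=jdoe@example.org",
    "https://evil.example/login",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        verdict, reasons = assess_url(url)
        print(f"{verdict:5} {url}")
        for level, why in reasons:
            print(f"      [{level}] {why}")
```

The hijacked flower shop case can only be judged from the link as shown on hover, which is what this inspects; it does not follow redirects or expand the shortener, because that means fetching the URL, which belongs in a sandboxed filter rather than the user's browser. The email-parameter check is deliberately rated low on its own, matching the caveat in the list: it raises the verdict only in combination with another flag.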
If the administrator has installed monitoring tools (Google's Safe Browsing checks within Chrome are one example), they will assist in catching, handling and notifying you, the user, of phishing attempts. But even then it is a game of cat and mouse. The key to doing your part to reduce damage to your company is to become more knowledgeable and vigilant in discerning the risks. When in doubt, don't click.