Summary: TEN HIDDEN IT RISKS THAT THREATEN YOUR HEALTHCARE PRACTICE ©2013 Gordon Flesch Company, Inc. http://www.gflesch.com GWP03 RISK #9: BRING YOUR OWN HEADACHE On the one hand, new devices such as smart phones and tablets can increase employee productivity—and when employees use their own devices, it saves the practice money. But this new “bring your own device” (BYOD) environment brings new headaches, too. These devices are easily lost and stolen. When they are, any information available to the device—including confidential business and patient data—may be vulnerable to illicit access. Yet fewer than 50% of businesses report the ability to use data encryption and/or remote data wiping to protect their assets. Take stock of your data inventory: you need to share permissions reports that reveal which devices and users have access to which files and applications. RISK #8: WHO’S KNOCKING AT YOUR BACKDOOR? Your practice isn’t limited to your own systems. Thanks to access to outside servers and systems, you can leverage potent tools like Gmail and Dropbox to manage customer communications, share files and more. While these cloud services increase your capabilities without busting your IT budget, it’s important to remember that every connection that reaches out from your network may open an opportunity for someone else to reach in. Protect your portals: run an external vulnerability scan that reveals every “backdoor” through which an intruder might break into your network. RISK #7: “WET PAPER BAG” PASSWORDS Your password protections are only as strong as the passwords themselves. Having no passwords—or using obvious passwords such as “12345”—undermines the very protection you seek. Yet employees often fail to establish passwords or, when they do, frequently use ineffective ones. Review your passwords’ strength to identify weak spots any unauthorized user could punch through. RISK #6: WHOA, BACK UP If you lost a significant chunk of your data right now, how much business would you lose as well? Too many businesses run without sufficient policies, plans and procedures for backing up critical data essential to their ability to operate. If your practice depends on Can you create and review permission reports that tell you which devices and personnel have access to which data and applications? Are the connections you use to access online services protected against backdoor invasions by unauthorized intruders?