Implementing your Cyber Protection Game Plan
By Joseph Hood
In a recent article, we discussed strategies that would help you to create a Cyber Protection Game Plan that would put you in the position to win the fight against cyber criminals. We explored how a successful cyber game plan must be like a championship NFL team having both a strong offense as well as a strong defense. Now, let’s explore some strategies to successfully implement a cyber game plan!
Build a Strong Team.
The number one responsibility of any coach or business leader is to recruit great talent, while at the same time, coaching existing members to help them realize their full potential. Without this focus, you may never fully execute your game plan. This applies to the supporting members of your organization and not only to the players who take to the field. In terms of cybersecurity, ALL members of your organization are competing against cyber criminals. Do not limit cybersecurity awareness training to only those team members who are on a computer all day. An employee who only goes online once a week to place a supply order could fall victim to a phishing email that leads to a ransomware attack. All members must be trained effectively and on a regular frequency.
You would likely find that championship NFL teams rely on outside organizations to provide the highest level of expertise in their field, such as equipment manufacturers, security providers, etc. For example, the NFL partners with local law enforcement and federal agencies to implement security plans for facility security, event day safety and traffic management. They choose the right partner for each security need. The same must be true for your endodontic practice. The right IT resources will provide the network support required for great performance, while the right cybersecurity firm will bring a higher level of expertise to provide cybersecurity protection and readiness to respond to a potential cyber incident. Choose the right IT resources and a dedicated cybersecurity firm to support and protect your network.
Understand Your Strengths and Weaknesses.
Where one team may have a world-class defense, another team’s quarterback may be the greatest of all time. Championship teams understand both their strengths and weaknesses and implement game plans with them in mind. Your endodontic practice should do the same. From a personnel perspective, one strength many practices have is a particularly cyber-savvy team member. You may want to empower that person to share what they learn with other team members. Regarding weaknesses, every practice has software and hardware-based security vulnerabilities that go undetected because vulnerability scanning is typically only conducted by dedicated cybersecurity firms. Implementing real-time security vulnerability management software and remediation is very cost-effective and critical for removing exploitable vulnerabilities. You should have a simple way to understand the level of critical and overall vulnerabilities that exist on your network. These are the “unlocked doors and windows” a hacker uses to gain access to your data. Choose a cybersecurity partner that can provide a cyber dashboard that does NOT require you to become a cybersecurity expert.
Understand the Playing Field and Conditions.
Championship-level coaches and players have a deep understanding of the playing field and conditions and how they relate to various game situations. What is the down and distance? Are we kicking with the wind or against the wind? The playing field in the cybersecurity world is referred to as the attack surface. The attack surface includes any possible entry point for a hacker to gain unauthorized access to your network in order to encrypt and/or steal data. The attack surface can be physical, digital or even social. For example, allowing a marketing firm to integrate with your practice management software grants them access to patient data which will probably be exported and saved outside of your own network. With proper security measures in place, this is an acceptable risk for many endodontic practices. Many endodontic practice owners are not even aware this is happening. A dedicated cybersecurity firm can help you to fully understand your attack surface, which is step one in implementing your cyber game plan.
Practice your Game Plan.
In the days leading up to game day, championship teams practice and drill based on the game plan. They watch game film, they study playbooks, etc. Game day scenarios are simulated over and over so that on game day, they have already been in every scenario that can be imagined. While cybersecurity awareness training provides the understanding of how to protect your data, implementing tabletop exercises puts a team through the “game day” scenarios to practice responding to real-world emergencies. Formal tabletop exercises are generally interactive meetings conducted by C-suite members of larger organizations. You can implement smaller, focused versions of a tabletop exercise at your endodontic practice that can be just as effective. During morning huddles, you can coach your team through real-world scenarios to see how they would respond, to ensure they will perform effectively when an emergency does occur.
Taking the Field on Game Day.
NFL teams take the field on Sundays. Each season, teams get a ‘bye week’ when they do not compete. The season ends and each team has the off season to regroup and prepare for the next season. Your endodontic practice does not get to enjoy the type of downtime an NFL team gets. For you and your team, every day is game day. A winning mindset is key to implementing your cyber game plan. Coach Bill Belichick coined the phrase “DO YOUR JOB” during his tenure coaching a dynasty at the New England Patriots (I could not resist referencing my home team). The spirit of this phrase is that if each person takes care of their responsibility, the team will move forward and implement the game plan successfully. The least technical person on your team still needs to log off the clinical computer if they leave the treatment room with a patient in the chair. Your business manager needs to monitor the cybersecurity awareness training status of each employee to ensure all are properly trained. Your IT resources need to be held accountable to ensure that all software and operating system updates are installed in a timely manner. As the leader of your endodontic practice, you must set the tone to ensure that each member of your team understands, and is held accountable for, their personal responsibility around cybersecurity. Empowering and inspiring each team member to DO THEIR JOB to the highest level will create a winning mindset that is infectious.
Adapt and Adjust Your Game Plan as Needed.
If you pay attention, you will almost always hear NFL analysts comment on adjustments that teams make during games to accommodate their opponent’s strategy. If the defensive scheme is not preventing the opponent from marching down the field, a new scheme must be developed. If a starting quarterback gets injured in the opening minutes of a game, a more running based offensive plan may need to be implemented. Nothing is static and feedback must be considered. The same is true with cybersecurity at your practice.
Cyberattack methodologies change; fully trained team members leave. You may just now be realizing you have no cyber game plan. Change is the only constant and that is okay. You need to make sure that you go forward with success in mind and have a determined mindset to implement a well-crafted cyber game plan that is able to defend against modern-day cyber threats. What worked yesterday likely will not work today.
To keep your endodontic practice protected against a cyberattack, you must be able to VERIFY your cyber risk level and how well your cyber game plan is working. A well-crafted cyber game plan should allow you to do this without having to wait for feedback from others. And, what is important to remember, this does not require you to become a cybersecurity expert.
As you go forward and adjust your cyber game plan, ensure you have an IT resource that will provide excellent network support and choose a dedicated cybersecurity partner that provides you with the means to VERIFY the following on your own without even having to contact them:
- Cybersecurity awareness training status and performance of all employees
- Simulated phishing performance of all employees
- Level of security vulnerabilities on your network and the trend of these vulnerabilities (are they increasing or decreasing?)
- Vulnerability remediation performance (are your IT resources fixing these issues?)
- Effectiveness of your firewall to withstand a cyberattack
Starting with a successful mindset and aligning your endodontic practice with team members and a dedicated cybersecurity partner can help you to implement a championship cyber protection game plan. Take steps NOW to avoid being the next victim of a cyberattack at your practice.
Joseph Hood is Senior Cybersecurity Specialist with Black Talon Security.