Working with digital tools can improve communication, reduce costs, and result in better patient outcomes. However, a digital environment with multiple apps and online accounts can represent a security risk.
Medical data is valuable, and criminals often target healthcare organizations. Therefore, adopting a strong password security policy for your dental practice is crucial.
Understanding the Risks
Before we discuss improving password security, we must understand how criminals target dental practices and other organizations to steal credentials.
- Breaches can happen through current employees, former employees, or third-party contractors who have access to login credentials.
- Criminals can also purchase leaked passwords. With 240 million data breaches reported in Q3 2021 alone, leaked credentials are a strong possibility.
- Criminals often use phishing to trick users into sharing their credentials.
- Hackers can also launch attacks and use scripts to test millions of passwords until they crack the one you use.
Using strong passwords with capitals and special characters isn’t enough to protect your dental practice. You need a holistic approach that includes best practices, tools such as a password management system, and policies to mitigate a wide range of risks.
What Makes a Password Strong?
Anything people can guess easily is out of the question. Your birthday or the name of your pet are things a malicious employee could easily find.
Avoid overly simple passwords. It might seem obvious, but 11% of people use 1234 as a password.
A complex password can improve safety. When a hacker launches an attack that relies on a script running through millions of possibilities, the script usually starts with simple combinations.
For example, some scripts will run different combinations with only numbers, while a dictionary attack tests every word present in a dictionary to guess simple passwords.
Add a layer of complexity by using different types of characters. Ideally, passwords should include a mix of numbers, lowercase letters, capitals, and special characters.
Making your passwords longer can also help keep you safe. In fact, the FBI recommends using passphrases with 15 characters or more. A long password is also harder for another employee to remember if they see you type it.
These passphrases are harder to crack because a longer password will require more computing power during a dictionary attack. Plus, passphrases can be easier to remember for the user. For instance, RockyRoadIceCreamWithSprinkles56! is much easier to memorize than G6sfnlSWhrlhfna!.
Why You Need a Strong Password Security Policy
A strong password can protect you from dictionary attacks and malicious users attempting to guess your passwords. However, you must go further than numbers, capitals and special characters by setting a strong password security policy covering the following areas.
#1. Update Passwords Often
Did you know that criminals can purchase as many as 24 million compromised login credentials on the dark web?
Given how frequently data breaches occur, the likelihood that a password is available on the dark web increases over time.
Your best line of defense against leaked credentials is to update passwords frequently to make old passwords worthless. You should also have rules against reusing old passwords or choosing passwords that are too similar to the old ones.
You should have everyone update their passwords if you suspect a threat. Otherwise, it’s fine to have employees create new passwords once every two or three months.
#2. Don’t Reuse Passwords
With 65% of users reusing passwords, this practice is a significant security concern. If an attacker accesses one account, they can use the same compromised credentials to access other systems. A minor data breach for a system that doesn’t store sensitive data can quickly become a significant attack.
Using variations of the same passwords is also an unsafe practice. Instead, encourage employees to pick random passwords that don’t follow any specific patterns from one account to another. Capitalize different letters and choose different numbers and special characters every time if possible.
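The rules from the sections above (15 or more characters, a mix of character types, nothing easy to guess, nothing reused or too similar to an old password) can be checked automatically when a user chooses a new password. The Python code below is an added example, not part of the original article; the function names, the similarity threshold and the short common-password list are assumptions, and the old passwords are assumed to be supplied by the user at change time rather than stored in plain text.

```python
import difflib
import string

MIN_LENGTH = 15          # passphrase length the article attributes to the FBI
SIMILARITY_LIMIT = 0.8   # assumed cut-off for "too similar to an old password"
# Constructed sample list; a real check would load a much larger one.
COMMON_PASSWORDS = {"1234", "password", "qwerty", "letmein"}


def letters_only(password):
    """Lowercase and drop digits/punctuation so 'Summer2023!' and 'summer2024?' match."""
    return "".join(ch for ch in password.lower() if ch.isalpha())


def check_password(candidate, previous_passwords=()):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    has_all_classes = (
        any(c.islower() for c in candidate)
        and any(c.isupper() for c in candidate)
        and any(c.isdigit() for c in candidate)
        and any(c in string.punctuation for c in candidate)
    )
    if not has_all_classes:
        problems.append("missing character type")
    # Catch common passwords even when decorated, e.g. "Password1!".
    if candidate.lower() in COMMON_PASSWORDS or letters_only(candidate) in COMMON_PASSWORDS:
        problems.append("common password")
    core = letters_only(candidate)
    for old in previous_passwords:
        if candidate == old:
            problems.append("reused")
            break
        ratio = difflib.SequenceMatcher(None, core, letters_only(old)).ratio()
        if core and ratio >= SIMILARITY_LIMIT:
            problems.append("too similar to an old password")
            break
    return problems
```

A password that only changes the year and the trailing symbol of an old one is rejected as too similar, which is the "variations of the same password" habit described above.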
#3. Don’t Share Passwords
Each user should have their own account and password. Individual accounts promote a culture of accountability and can also help with auditing because you’ll be able to trace the activity to each user.
This practice also protects you from internal threats, which is something many businesses tend to overlook. You should also have policies against emailing or texting passwords.
#4. Improve Awareness of Risks
Phishing is a risk that affects over 80% of businesses. While some malicious emails are easy to recognize, some criminals know how to craft convincing spoof emails.
The purpose of a phishing email is to trick the recipient into thinking the message is a legitimate request to share sensitive information. These emails often include a link that will take the recipient to a spoofed webpage. These pages can look like the login portal of a financial institution you trust.
Employees should be aware of this risk and know what to look for to identify phishing emails. Training material and penetration tests can help improve awareness.
You should also know that some attackers are using advanced methods like social engineering. For example, they might call your practice and devise an elaborate scam to obtain login credentials, such as pretending to work for a tech support company. Making sure everyone is aware of these risks can go a long way in keeping your organization safe.
Going Further With Tech Tools
You can use tech tools to improve password security and make things easier for users.
Multi-factor authentication (MFA) or a two-factor authentication (2FA) system adds an extra layer of protection. When users log in, the system will prompt them to enter their username and password. The user will then have to perform an additional step.
Many 2FA systems send a unique PIN (personal identification number) to the user’s phone or email them a code. Verifying that the user has access to an email address or a physical device helps to confirm their identity.
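The PIN step described above only adds protection if the code is unpredictable, short-lived, usable once, and limited to a few guesses. The Python code below is an added example, not part of the original article and not any vendor's implementation; the PIN length, the five-minute lifetime, the three-attempt limit and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6          # assumed PIN length
PIN_TTL_SECONDS = 300   # assumed lifetime of a PIN
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per PIN


def issue_pin(now=None):
    """Return (pin, challenge). Send `pin` to the user's phone or email; keep only `challenge`."""
    now = time.time() if now is None else now
    # secrets uses the operating system's CSPRNG, so the PIN cannot be predicted.
    pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
    challenge = {
        # Only a digest is kept server-side so the PIN itself is not left in storage or logs.
        "digest": hashlib.sha256(pin.encode()).digest(),
        "expires_at": now + PIN_TTL_SECONDS,
        "attempts_left": MAX_ATTEMPTS,
    }
    return pin, challenge


def verify_pin(challenge, submitted, now=None):
    """Return True only for the right PIN, before expiry, within the attempt limit, and once."""
    now = time.time() if now is None else now
    if challenge["attempts_left"] <= 0 or now > challenge["expires_at"]:
        return False
    challenge["attempts_left"] -= 1
    submitted_digest = hashlib.sha256(submitted.encode()).digest()
    # compare_digest runs in constant time, so response timing does not leak the PIN.
    if hmac.compare_digest(submitted_digest, challenge["digest"]):
        challenge["attempts_left"] = 0  # single use: a PIN cannot be replayed
        return True
    return False
```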
Password Storage and Management
It’s not unusual for a team to use dozens of different business apps. It’s a complex environment where users must keep track of several passwords.
Employees often get creative with storing and managing their passwords. While some might use pen and paper to keep track of their credentials, others might opt for storing this sensitive information in a text file or spreadsheet on their workstation.
These methods aren’t safe because a malicious insider can use a paper password log, and malware can compromise a text file.
Password management systems are a much safer tool. They can generate strong passwords, store them in an encrypted database, and verify the identity of a user before giving them access to their different credentials. Password management systems are a valuable tool for enforcing a strong password security policy while helping employees save time.
Improve Your Password Security With Erickson Dental Technologies
Erickson Dental Technologies specializes in IT solutions for dental practices like yours. We can review your current password security strategy, help you create a safer environment with a password manager system, and take additional steps to protect your organization.
Get started by booking an assessment so you can better understand your risks and learn more about our HIPAA-compliant solutions.