Nextech is committed to providing protection for the systems and data that our customers use to operate their practices. Employing a variety of high-tech security tools including intrusion detection and prevention systems, firewalls, antivirus software, and network monitoring, Nextech defends against an ever-growing threat landscape. Yet, even with these precautionary measures in place, the strongest protection against cyber attacks is you.
Phishing Emails: a scam by which an Internet user is duped (as by a deceptive email message) into revealing personal or confidential information which the scammer can use illicitly.
Protect yourself from phishing attacks
Over the course of April this year, we’ve observed that the number of emails containing malware has almost tripled. Many of these attacks have come from customer mailboxes that were compromised through a prior email attack. It is important to be extra vigilant when opening and accessing links or attachments in emails received from external sources. Nextech utilizes advanced threat protection for email in addition to security awareness training and threat warnings to help protect our internal users.
Automated email filtering systems will block messages that are considered a threat. However, email is still the #1 delivery method for credential theft, ransomware and crypto-related viruses. We encourage practices to utilize HIPAA-trusted email systems that also enable the use of security tools to protect organizations from successful phishing attacks.
Here are a few things you can do to reduce the risk of stolen credentials and to keep malware or ransomware from entering your work environment:
- Closely inspect the sender address, the purpose of the email, URLs contained in links, and the message content before taking any action. Be extra cautious when opening links or attachments sent in an email from an external source.
- Never enter passwords into an unauthorized or unverified web site opened from an email link or attachment; this is a very common way attackers steal an unsuspecting victim’s passwords.
- Do not use the contact information in the suspicious message to verify the authenticity of the message; use contact information from a different source.
- Never reply directly to suspicious phishing messages; always contact an administrator first.
- Ask IT to implement warnings for externally sourced messages, as this helps identify spoofing.
- Use different passwords for different systems, keep passwords strong and use multi-factor authentication where applicable.
- Don’t pay off extortionists; instead resort to backups or known decryption keys.
Protect yourselves from security vulnerabilities
A cyber-security vulnerability is a system-related weakness that can be exploited by an attacker to gain unauthorized access to a computer system, data or computer network. An exploit occurs when the attacker takes advantage of a known vulnerability to stage a cyber-attack.
Using modern systems and software helps protect against vulnerabilities. Supported systems can be configured to automatically download software updates that include the latest protection to fix security vulnerabilities. It is important for administrators to be aware of any ‘unsupported’ systems in use, as these systems will not receive the latest updates that provide protection against cyber exploits.
For example, old versions of Windows prior to Windows 7 and Internet Explorer versions prior to 10 will reach their end of support in 2020. Microsoft has recently released fixes for known critical security vulnerabilities for later versions of Windows. Installation of these patches typically requires a system restart.
Nextech receives alerts when critical vulnerabilities are found and updates our systems when patches are released to fix them. This helps us keep up-to-date with system security updates by utilizing patching schedules and a process for applying emergency patches for zero-day exploits. A zero-day exploit is a cyber-attack that occurs on the same day a weakness is discovered.
Using encryption to protect your information
Unsupported systems may not offer the latest encryption technologies used to protect data from being stolen during transfer or at rest. Encryption is used to secure communications between your computer and websites (and software) when transferring confidential data such as banking information and protected health information. Modern encryption methods have replaced older protocols due to known vulnerabilities, cracks and exploits.
Encryption is also used to protect documents stored on document sharing sites such as Microsoft Office 365, and measures should be taken to encrypt any confidential data stored on any external drive or media. It is also important that all laptops are encrypted with the latest encryption technology such as Microsoft’s BitLocker, in case the device gets lost or stolen. Most phones are set up to be encrypted with security keys generated from biometrics or passcodes.
If you are not sure of how encryption is used at your practice or organization, please contact your IT administrator for more information.