The best way to protect against ransomware, viruses, and other dangerous malware is to buff up preventive measures so there’s zero chance of endangering your dental practice.
Many of the articles I’ve written over the past 5 years have focused on the steps you should take if you are ever hit with malware, meaning viruses and, in particular, ransomware. As the old saying goes, “An ounce of prevention is worth a pound of cure.” This month’s article will focus on some of the preventive measures you can and should be taking. Some of this might be a bit “techy,” but any decent information technology (IT) company that specializes in health care should be able to assist you in the event of a cyberattack.
Lock Down Your Firewall
Leaving ports for services such as Virtual Network Computing (VNC) or Remote Desktop Protocol (RDP) open on the internet is somewhat of a laughing matter on many Facebook groups, Discord channels, and other social platforms. It is not so funny, however, when you talk to businesses that have lost all of their data to a ransomware attack. All of us in IT know that this is a no-no, but you may not.
First and foremost, lock down all direct connections to Remote Desktop or similar services. If you do need to publish Remote Desktop Services (RDS), do so using a Remote Desktop Gateway server and protect the gateway with dual-factor authentication. There is no excuse to leave RDP open on the internet. If it is open, shut it down immediately.
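One way to check a firewall for the exposure described above is to audit its port-forward rules for RDP or VNC ports reachable from any source. This is an added example, not code from the article or from any firewall vendor; the CSV column layout, the rule names, and the choice of 5900-5909 as the VNC range are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Services the article says must never be reachable directly from the internet.
# Port numbers are the well-known defaults (assumed: RDP 3389, VNC 5900-5909).
RISKY = {"RDP": range(3389, 3390), "VNC": range(5900, 5910)}

# Constructed sample: a port-forward export in a hypothetical CSV layout.
SAMPLE_RULES = """name,enabled,source,dest_port,forward_to
Front desk RDP,yes,any,3389,192.168.1.20
Old server RDP,no,any,3389,192.168.1.10
Imaging VNC,yes,0.0.0.0/0,5900-5901,192.168.1.30
RD Gateway,yes,any,443,192.168.1.5
IT vendor RDP,yes,203.0.113.7/32,3389,192.168.1.10
Alt-port RDP,yes,any,3000-4000,192.168.1.21
"""

def is_internet_wide(source):
    """True when the source is 'any' or a network that covers all addresses."""
    s = source.strip().lower()
    if s in ("any", "*", ""):
        return True
    return ipaddress.ip_network(s, strict=False).prefixlen == 0

def parse_ports(spec):
    """Turn '3389' or '5900-5901' into an inclusive (low, high) pair."""
    low, _, high = spec.strip().partition("-")
    return int(low), int(high or low)

def audit(rules_csv):
    """Return (rule name, service) for each enabled rule exposing a risky port to everyone."""
    findings = []
    for row in csv.DictReader(io.StringIO(rules_csv)):
        if row["enabled"].strip().lower() != "yes":
            continue  # disabled rules forward nothing
        if not is_internet_wide(row["source"]):
            continue  # restricted to a specific source address or network
        low, high = parse_ports(row["dest_port"])
        for service, ports in RISKY.items():
            if low <= ports[-1] and high >= ports[0]:  # the two ranges overlap
                findings.append((row["name"], service))
    return findings

if __name__ == "__main__":
    for name, service in audit(SAMPLE_RULES):
        print(f"CLOSE THIS: '{name}' exposes {service} to the whole internet")
```

The gateway rule on port 443 is not flagged, which matches the article's advice to publish Remote Desktop only through a gateway; the wide 3000-4000 range is flagged because it silently includes 3389.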
Restrict User Access
It is commendable to trust that your employees will not do something malicious; however, far too many offices have colossal file shares that anybody can access. Even if you trust your employees, restrict access to files and folders based on what they need to perform their job functions. If they do somehow manage to run ransomware, at least the damage will be restricted to what they can access. I’m not talking about restricting access within your practice management software; that’s easy to do. I’m talking about restricting access across the entire network.
Most dentists and staff use between 5 and 10 applications to perform their job functions. Even so, operating systems are pretty much left wide open, so any application, malicious or otherwise, can run. This leaves your practice vulnerable to zero-day or new trending malicious software, including ransomware. By not restricting what can run, you leave yourself exposed to vulnerabilities or the misuse of legitimate software. Antivirus software only attempts to block the bad stuff, and oftentimes it fails. If you start with a default-deny approach, any application that has not been approved will be blocked, regardless of whether it is known or unknown malware. Our ThreatBlock software, which many of our clients use, is excellent at stopping all unapproved programs from running.
Add Dual-Factor Authentication
Our job as IT professionals is to protect your infrastructure, but too often our tools are being used against you. IT management, remote monitoring and management, and other similar tools are extremely powerful. They make the job of IT professionals easier, but when used by an attacker, they can also make the deployment of malicious software easy.
To avoid this, add dual-factor authentication to your systems. Dual-factor authentication should not be considered enhanced security for IT or managed service provider (MSP) tools. It should be standard, especially since many platforms cost nothing. There are many free dual-factor applications available. Duo, for example, takes no more than 20 minutes to install and is free for up to 10 users. Enable it on everything! Far too many MSPs and IT departments are getting breached, whether it be via ScreenConnect (now ConnectWise Control), Kaseya, GoTo Resolve (previously known as GoToAssist), or TeamViewer. Do yourself a favor and turn on dual-factor today.
Patch Your Computers
This should not be up for debate. Patch your operating system and third-party applications. You can have the best security software in the world, and, at best, it will be 75% effective if your computers are not patched and up-to-date. I have seen many cases of old vulnerabilities like EternalBlue used to create admin accounts on servers and push out ransomware. Patching is not optional; it’s IT law!