Top 7 vulnerabilities that can elude standard network monitoring

August 22, 2019
Dr. Lorne Lavine
Volume 53, Issue 9

If you don't want any surprises, don't let these fall under the radar.

Many IT companies offer what’s often referred to as Managed Services, also known as Remote Monitoring and Management (RMM).

These tools are great because they allow us to monitor and patch systems for hundreds of clients for an affordable monthly fee. However, even if you have RMM software installed, it doesn’t guarantee you’re getting visibility into all of the most important security and configuration items that need to be checked on a regular basis.

There are many documented cases of employees and/or former employees getting access to the practice’s critical files via one means or another and deleting or copying those files. There was a famous case of a dentist whose entire Dentrix database ended up on a torrent site where anybody could download it!


This should be of concern to anyone who works in a dental office. These things happen all the time. Sometimes, the activity is discovered after the fact when the damage has already been done. More often than not, the dental practice owners are taken completely by surprise. They assume their network is safe because they have software agents monitoring their network, perhaps they have a firewall in place, they have the most current anti-malware software running, etc.

That being said, there are a lot of vulnerabilities that simply elude standard network monitoring.    

My top seven network attributes that are most likely to fall under the radar of standard RMM software are:

  • Domain, network, system and application discovery

  • User password strength and risks

  • Permissions and user rights

  • Devices that are plugged in but are unidentified

  • Existing issues on individual computers not being monitored

  • Discovery of servers such as SQL, Exchange, web, printers, etc.

  • Installed application inventory

How did I come up with this list? That’s the easy part. As I’ve been preaching for many years now, every office can and must do a formal risk assessment. Not only is it required by law (HIPAA), but it can give you a ton of information you wouldn’t normally have access to. I put together the list above after running a risk assessment for a number of new clients who thought their networks were safe and secure. And, in every case, the scanning software found something that was surprising, and not the good kind of surprise!

The good news is you can discover any of the issues associated with the seven items I mentioned without spending a ton of money, taking down your network, installing a bunch of software or disrupting your practice in any way. A simple risk assessment does all the work behind the scenes and the scan itself can be done in a day. It will pull mountains of valuable data that any good IT professional in the healthcare field can evaluate, then tell you what was uncovered and recommend the best path forward.

Download Issue: Dental Products Report September 2019