Top 7 vulnerabilities that can elude standard network monitoring

Publication: Dental Products Report, September 2019, Volume 53, Issue 9

If you don't want any surprises, don't let these fall under the radar.

Many IT companies offer what’s often referred to as Managed Services, also known as Remote Monitoring and Management (RMM).

These tools are great because they allow us to monitor and patch systems for hundreds of clients for an affordable monthly fee. However, even if you have RMM software installed, it doesn’t guarantee you’re getting visibility into all of the most important security and configuration items that need to be checked on a regular basis.

There are many documented cases of employees and/or former employees getting access to the practice’s critical files via one means or another and deleting or copying those files. There was a famous case of a dentist whose entire Dentrix database ended up on a torrent site where anybody could download it!


This should be of concern to anyone who works in a dental office. These things happen all the time. Sometimes, the activity is discovered after the fact when the damage has already been done. More often than not, the dental practice owners are taken completely by surprise. They assume their network is safe because they have software agents monitoring it, perhaps a firewall in place, the most current anti-malware software running, and so on.

That being said, there are a lot of vulnerabilities that simply elude standard network monitoring.    

My top seven network attributes that are most likely to fall under the radar of standard RMM software are:

  • Domain, network, system and application discovery

  • User password strength and risks

  • Permissions and user rights

  • Devices that are plugged in but are unidentified

  • Existing issues on individual computers not being monitored

  • Discovery of servers such as SQL, Exchange, web, printers, etc.

  • Installed application inventory

How did I come up with this list? That’s the easy part. As I’ve been preaching for many years now, every office can and must do a formal risk assessment. Not only is it required by law (HIPAA), but it can give you a ton of information you wouldn’t normally have access to. I put together the list above after running a risk assessment for a number of new clients who thought their networks were safe and secure. And, in every case, the scanning software found something that was surprising, and not the good kind of surprise!

The good news is you can discover issues in any of the seven areas I mentioned without spending a ton of money, taking down your network, installing a bunch of software or disrupting your practice in any way. A simple risk assessment does all the work behind the scenes and the scan itself can be done in a day. It will pull mountains of valuable data that any good IT professional in the healthcare field can evaluate, then tell you what was uncovered and recommend the best path forward.
