CISA has released a database of free tools and services to help protect your veterinary hospital from cyber crime and ransomware. One of the biggest challenges we face in veterinary medicine, is that we see our ‘IT Person’ as our security expert. Only to realize after we’ve been hit that our security posture was too weak.
One way we can combat this is to inform ourselves on the tools and services we should have implemented in our veterinary hospital. We DON’T need to know how to implement them. Rather what they are and why they are important. This was we can speak with out ‘IT Person’ to better understand our security posture.
Now for the legal jargon:
The list is not comprehensive and is subject to change pending future additions. CISA applies neutral principles and criteria to add items and maintains sole and unreviewable discretion over the determination of items included. CISA does not attest to the suitability or effectiveness of these services and tools for any particular use case. CISA does not endorse any commercial product or service. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.
Starting with the basics
All veterinary hospitals should take certain foundational measures to implement a strong cybersecurity foundation:
Check for Risky Software on your workstations.
Check the CISA Known Exploited Vulnerabilities (KEV) Catalog for software used by your organization and, if listed, update the software to the latest version according to the vendor’s instructions. Note: CISA continually updates the KEV catalog with known exploited vulnerabilities.
Implement multifactor authentication (MFA).
Use multifactor authentication where possible. MFA is a layered approach to securing your online accounts and the data they contain. When you enable MFA in your online services (like email), you must provide a combination of two or more authenticators to verify your identity before the service grants you access. Using MFA protects your account more than just using a username and password. Why? Because even if one factor (like your password) becomes compromised, unauthorized users will be unable to meet the second authentication requirement, ultimately stopping them from gaining access to your accounts.
STOP bad practices.
Take immediate steps to: (1) replace end-of-life software products that no longer receive software updates;
(2) replace any system or products that rely on known/default/unchangeable passwords; and
(3) adopt MFA (see above) for remote or administrative access to important systems, resources, or databases.
Sign up for CISA’s Cyber Hygiene Vulnerability Scanning.
Register for this service by emailing vulnerability@cisa.dhs.gov. Once initiated, this service is mostly automated and requires little direct interaction. CISA performs the vulnerability scans and delivers a weekly report. After CISA receives the required paperwork, scanning will start within 72 hours and organizations will begin receiving reports within two weeks. Note: vulnerability scanning helps secure internet-facing systems from weak configurations and known vulnerabilities and encourages the adoption of best practices.
Get your Stuff Off Search (S.O.S.).
While zero-day attacks draw the most attention, frequently, less complex exposures to both cyber and physical security are missed. Get your Stuff Off Search–S.O.S.–and reduce internet attack surfaces that are visible to anyone on web-based search platforms.
Free tools you should implement today:
The CISA site lists a whole lot of FREE tools that you can use to shore up your cyber security defenses. Here are some of our favorite that you should take advantage of. And lets be honest, with all these free resources there is no excuse not to protect your veterinary hospital, clients and patients from the damage caused by cyber crime.
Complete List: https://www.cisa.gov/free-cybersecurity-services-and-tools
1) CISA Phishing Campaign Assessment
a. This is a FREE Phishing campaign that is offered by the CISA to assess your level of risk within the email address you provide them.
b. Sign up for FREE here for the CISA’s cyber hygiene services.
c. https://www.cisa.gov/cyber-hygiene-services
2) CISA Remote Penetration Test
a. Did your ‘IT Person’ set you up with remote access so you can update your patient records from home? Well use this FREE service to see what risk you are at of cyber criminals using that same access
b. This is also included in the Cyber Hygiene Services
c. https://www.cisa.gov/cyber-hygiene-services
3) Controlled folder access/Ransomware protection in Windows
a. Worried about losing all the data stored in shared folders on your network, Dental Images, HR files, Quickbooks folders, take home sheets etc?
b. Microsoft has implemented Controlled folders to help protect those files from Ransomware attacks
c. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders
4) What Technology Assets do you have in your veterinary hospital?
a. Like most owners of practice managers this stuff has accumulated over years and years and we generally have no idea. When you ask your ‘IT Person” Generally they have some mild ideas but their documentation in most cases is terrible.
b. Use this free spreadsheet to help gain control over all the technology in your hospital
c. https://www.cisecurity.org/white-papers/cis-hardware-and-software-asset-tracking-spreadsheet/
5) Stop your PC from connecting to malicious sites automatically
a. Quad9 is a great tool to stop your computers and servers from connecting to bad sites automatically.
b. https://quad9.net/support/set-up-guides/windows
This list is very comprehensive and can seem a bit daunting. However fear not as Lucca Veterinary Data security is here to help you implement these safe guards. Schedule a Free call with us today to see how we can help keep your veterinary hospital safe.