December 19, 2016
Holidays should be a time of joy. They are also a time when scams abound and cybercriminals ramp up their activity. Online financial transactions and purchases increase, but the flip side of their convenience is that they provide a greater incentive for cybercriminals to generate creative attacks. These can leave your personal information and that of your patients vulnerable to theft and misuse. Increased phishing over the past few years won’t slow down during this festive season; in fact it is likely that this year will be the most dangerous ever.
A signal of the potential seriousness of this year’s threat comes from a study of last year’s holiday season by the Anti-Phishing Working Group (APWG). In addition to the expected phishing surge over the 2015 holidays, the number of phishing sites kept going up from October into the spring, to the tune of 250 per cent. That sustained increase resulted in nearly 300,000 known phishing websites by March 2016. These numbers do not bode well for the last weeks of 2016 and the first months of the new year.
On a practical level, here are examples of the phishing risks facing all of us. Consider the following: you may receive holiday greetings in the form of an e-card. There may even be a link inviting you to open the greeting card online. When you click on that link, you may have just opened the door to cybercriminals who are bent on wreaking destruction, stealing data or holding your organization up for ransom. All it takes is one click to infect a network resulting in the breach of your information, patient data and other confidential information such as intellectual property and trade secrets.
Scammers also exploit last-minute holiday shopping and post-holiday bargain enthusiasts to spread fake offers through spam campaigns via mail or social networks. Even if their deals and sites may look legitimate, beware. These scams spread malicious links to compromised websites that serve malware or could contain malicious attachments. Make sure you verify the legitimacy and reputation of any e-commerce vendors before using them.
Shopping and banking apps used on mobile devices pose particular hazards. A survey by the National Retail Federation states that over half of smartphone users and 60 per cent of tablet owners use their devices for holiday shopping. Two common mistakes are that device users forget to log off of vulnerable apps such as banking, shopping or email; and many users do transactions on insecure wireless networks such as free Wi-Fi hotspots. Even if you are using your home network, make sure your Wi-Fi is protected. And log off of sensitive sites!
It’s not just cyber threats you need to worry about. When many think of security, they think about IT. But physical security is also important, and involves much more than just locks. Social engineering can be costly. Imagine you’re returning from lunch and a well-dressed stranger strikes up a conversation with you. You use your badge to unlock the door and don’t consider that while you’re enjoying the conversation, the affable stranger continues to follow you into a secure facility. Now that stranger who is really a thief in disguise has free access to your environs. This can easily lead to theft of valuable equipment and the breach of patient information, especially if the intruder makes off with unencrypted laptops. Think of the many other ways your physical security — and your organization’s physical security — may be vulnerable. Your organization should have strong physical security policies and procedures, and they should always be in the back of your mind.
This time of year is a time of celebration. It’s also a time to keep your guard up and pay attention to your surroundings. You can avoid putting your personal financial and identity information at risk by taking caution. You can avoid putting your organization and patients at risk by following your security program. (If you don’t have one that is up to date, make 2017 the year to get on top of it.) As the old saying goes, just because you’re paranoid doesn’t mean they’re not out to get you. Another common line from Hill Street Blues – be safe out there!
Happy Holidays from the entire Phoenix Health Systems team!