<img alt="" src="https://secure.plan2twin.com/219004.png" style="display:none;">

6 easy ways to secure your veterinary practice data today

As a veterinary professional, you hit the ground running every day. Later, maybe you spend evenings answering calls and texts from clients, or catching up on patient records. But you probably don’t spend a lot of that time thinking about your practice’s digital security. But you should, and here are a few good reasons why:

Fortunately, you can enhance your veterinary practice’s digital security in 6 simple steps:

  1. Invest in your practice management system (PIMS).

  2. Use strong passwords.

  3. Go beyond passwords.

  4. Download all updates and dispatches.

  5. Don't forget firmware updates.

  6. Control who has access to your network (and the devices on it).


1. Invest in your practice management system (PIMS).

Using a cloud-based PIMS significantly increases your digital security. But not all veterinary practice management software is created equal. 

Provet Cloud, for example, has achieved ISO 27001:2022 certification, an internationally recognized standard for excellence in cybersecurity. That should be a must-have when shopping for a cloud-based PIMS.

If a vendor says "We're working on it,” start looking elsewhere.

Even PIMS providers with the strongest security protocols can only protect data that’s transmitted through their software and stored on their servers. 

They can’t, for instance, keep cybercriminals from hacking into your unsecured wi-fi network. That responsibility is on you. And that’s what the rest of this article will focus on.

2. Use strong passwords.

No, your pet's name doesn't count.

Let’s face it: everyone hates coming up with new passwords. That’s why we use easy ones – like the name of our first pet, or our college’s name along with the year of graduation, or some combination of our children’s names, etc.

But ask yourself: when was the last time you took one of those social media quizzes asking you to answer a long list of questions about yourself, then copy and paste those answers into a new post while asking your friends and followers to take the same quiz? Can you guess who besides your friends are interested in those answers?

Cybercriminals, of course! That’s because those seemingly harmless social media quizzes elicit the same answers as do many of the security questions for your financial accounts.

In all likelihood, the person who created that quiz had one thing in mind: scraping your personally identifiable information. So, please, don’t take that quiz.

Writing your password on a sticky note doesn't count either.

Do we really have to explain this one? Now that virtually everyone has a cell phone in their hand, it wouldn’t take more than a few seconds for somebody passing by to take a photo of your passwords written on a sticky note. 

And since many people use the same password for multiple accounts, you and your staff could be putting your personal accounts at risk, too.

Here's what to do instead:

First, change those default credentials!

If you’re still using the default login credentials that came with any of your devices – especially your wi-fi router – change both the user ID and password immediately. 

Typically, manufacturers use the same login credentials for every device in a particular line or series, and cybercriminals know what they are. If you’re still using the defaults, somebody sitting in the parking lot (or your waiting room) can gain access to every device on your network.

Follow industry best practices for secure passwords.

Strong, secure passwords include:

  • At least 12 characters, preferably 14 or more
  • A random combination of lowercase letters, uppercase letters, numbers, and symbols
  • No segments that someone could guess
  • No passwords you’ve used previously or on other accounts

And you may be wondering, “Isn’t that exactly why people tend to write their passwords on a sticky note?”

Consider using a password manager.

A password manager can help by remembering them for you. This means that users have only to memorize a single master password that gives them access to all of their other passwords. You can even set up some password managers to prompt users to change certain passwords on a regular basis.

3. Go beyond passwords.

Using two-factor or multi-factor authorization further enhances security by sending you an email or text message with a temporary passcode to enter. 

That’s known as two-factor authentication. Multi-factor authentication, however, adds an additional layer of security, such as a user fingerprint or even verification of the IP address that the user is trying to log in from.

In addition, some businesses skip passwords altogether and replace them with physical login devices like smart cards or Yubikeys.

4. Download all updates and dispatches.

Whether it’s an operating system update or a new version of an app or other software, it’s important to stay current.

The reason why not to ignore updates: Many of them contain patches for vulnerabilities that hadn’t been discovered when the previous version was released. (If you’re interested, you can read all about these so-called “Zero Day” vulnerabilities.)

5. Don't forget firmware updates.

Are you unsure what “firmware” is? You’re not alone. Firmware isn’t very exciting, but it’s incredibly important.

What is firmware, and why is it important?

Firmware is an embedded set of instructions that make a particular device work. It’s the secret sauce that helps run everything from your “smart” refrigerator to the remote for your smart TV.  For devices that also run software or apps – like your cell phone – firmware is the translator that allows software to tell your device what to do. 

In all likelihood, every device or piece of hardware in your veterinary practice has firmware running behind the scenes. In addition to computer hard drives and monitors, think of things like wi-fi routers, imaging equipment, etc.

Why does firmware need to be updated?

Two reasons: functionality and security. 

Sometimes firmware updates help a device keep pace with evolving technology. But firmware updates can also be a method of fixing a bug or patching a vulnerability (because firmware can be hacked, too).

How do I know if my devices need firmware updates?

If you registered your device when you bought it, you should get an email notification when a firmware update is available.

If not, you’ll need to go to the manufacturer’s website to check for yourself. Be careful, though: firmware is specific to each device (by model number, for instance), so you’ll need to make sure you download the right version. The more critical the device is to your practice, the more careful you’ll need to be when updating firmware.

6. Control who has access to your network (and the devices on it).

Not controlling who has access to your veterinary practice’s network is like leaving your front door wide open. 

Only current employees should be able to access your network.

Having an established protocol for “offboarding” employees (you should be able to create a workflow in any good PIMS system) is critical to your digital security. That workflow should include retrieving any passkeys or other devices that belong to your veterinary practice and deleting the employee’s email and login credentials. 

Grant access on a "need to know" basis.

That means each staff member should be able to access only the parts of your system necessary for them to do their jobs.

This type of digital risk is best told through the story of the Target data breach of 2013.

Here’s what happened: Cybercriminals managed to steal the login credentials of a worker who had been hired to service Target’s HVAC systems. Those login credentials were then used to hack Target’s point-of-sale (POS) devices and steal the payment information of 70 million customers, including 40 million credit and debit cards. 

Unfortunately, there is no reason an employee of a third-party HVAC company should have been granted access to Target’s customer payment information.

What does this example mean for your veterinary practice? 

As Target learned, only staff members who process payments from clients should have access to your payment system. 

But there are other considerations, too. For example, only staff members who order supplies and make payments to your vendors should have access to your inventory management system. Otherwise, any employee could create a fake vendor account and pay themselves for fake deliveries. 

Permissions management is also extremely important for limiting access to controlled substances. With laws governing the ordering, receiving, and dispensing of drugs, it’s up to the practice to maintain strict safety protocols. A robust practice management system will offer permissions management as a native feature. If yours doesn’t, you may need to search for an integration or hire a digital security company to manage this for you.

Key takeaways

Digital security is critical to your veterinary practice’s success. Between the financial costs and the loss of customer trust, 60% of small businesses close within six months of a breach.

The most important thing to remember is that cybersecurity is a shared responsibility. There are some things that a cloud-based practice information management system can do, and there are some things that only you can do.

  1. Select a PIMS provider with the highest level of security certification. Provet Cloud, for example, has ISO 27001:2022 certification, an internationally recognized standard for excellence in cybersecurity.
  2. Follow the steps in this post to secure the information and devices that are part of your practice. That includes your wi-fi router and all of the devices linked to it, from imaging devices to computers to personal cell phones (if staff members use them to log in to your PIMS). 

Want to see how Provet Cloud goes above and beyond to protect your data? From passwordless login to managed permissions, we make your digital security one of our top priorities. Contact us today to learn more.



Author

Provet Cloud