<img alt="" src="https://secure.plan2twin.com/219004.png" style="display:none;">
Power outages & phishing scams: Data security for the digital practice

Power outages & phishing scams: Data security for the digital practice

The summer thunder rolls, and you immediately think, “Oh no, will my computer make it?”

Funny how these triggers make us think about what could happen if we haven’t taken precautions – but we usually don’t think about it unprompted. When it comes to protecting our practice’s data, we need to be thinking ahead more than ever. Scammers won’t use thunder when they’re on their way in – and you may not know they’re here until it’s too late.

Infrastructure for the veterinary business has changed so much over the years. We rely on digital data for just about everything today. Practice management software used to run the practice may be loaded locally or can run in the cloud, but there’s no difference in the data security need. When using a cloud-based system, we rely on the source company to make sure the server is secure. When the server is on-site, plans need to include security software and devices to help ensure you are protected from any kind of digital disaster. But there is much more we need to consider.

Where there’s thunder…

Let’s start with natural threats: lightning, flooding, or any other disaster brought on by nature. There is no way to predict when lightning will strike, and whether your server is on site or in the cloud, your practice equipment may be in danger if not protected.

Even with a cloud practice management software, X-ray systems and other testing equipment are at risk of being taken down by power incidents. Contacting your IT provider and making sure that you are protected in house for anything electrical is a great start. There are many hardware devices that can help with this. Common surge protectors, which are really just extension cords, will not protect against lightning or a significant power surge. Check with an IT company to find an approved surge protection solution.

Don’t click that link!

Another threat that can affect on-site or cloud systems equally: humans with bad intentions. And you may wonder, how do they get in? Well, most of the time, we open the door for them.

It may be an email that looks not quite right, a post on social media that leads to a website that may not be safe. It is so easy to copy and paste a logo and mimic an otherwise legitimate company or brand. Maybe they even come in masquerading as a supplier.

One easy safeguard against these phishing scammers: hover your mouse over the email address. If that looks suspicious and not from where you expect, don’t click any links. But there are several ways they can get in. The moment they gain access is not always immediate either – they may lay dormant in the system for a while before launching into trouble, say, with a phone call to the front desk. “This is your IT company. I need you to go to such-and-such website…”

Don’t be fooled. If you have an IT provider, they’re unlikely to just call up the front desk with that type of request. Protect against this kind of data theft by providing your staff with a list of the names of all third-party vendors, including IT provider, that your practice works with; and require some level of identification and verification before sharing any sensitive information.

Do you know where your data is?

Going beyond protecting against data disruption or theft, it’s important to know if you’ve performed a good backup of the data? After all, data is only as good as the last good backup.

If there must be a data recovery for some reason, make sure the steps are in place do to that. Whether your software is cloud- or server-based, a full inventory of where all your data is stored is key. Even in a cloud practice management environment, likely your on-site computers are housing data.

Begin by taking stock of where everything is stored. Is there an X-ray machine, dental X-ray, ultrasound, accounting? Maybe computers where staff have documents stored, such as letters to clients from associates. This information is valuable to the business and needs to be protected.

After the data inventory has been recorded, double check where everything is being backed up. If recovery is needed, do you know the location of the data? How quickly can that information be given to an IT person to restore? Check with your providers to find out who is backing up what. All too often, data is missed, and no one knows it isn’t backed up until there is a need to recover.

Teach your teammates well

No matter what you’ve put in place for data protection, it all starts in the building and with your staff.

Education is the key to overall protection. Have regular discussions with your team around data security – at least monthly to keep it top-of-mind. Helping staff understand the importance of diligence around data security may save the practice, because any one of us is susceptible to clicking on the wrong thing.

When a data breach does happen, have a standard operating procedure in place for staff to know how to report it immediately, including what to do if management isn’t around. For instance, who do they call for IT help? This also is a great resource when they feel that an email or a phone call wasn’t just right. If they understand they can ask first, it may help avoid an issue. When they are being trained about backups, help them understand that if they start saving data to a new place, it needs to be noted so that future backups can capture the data.

Creating one point of data collection is a good way to help this process. Using cloud-based formats such as Google or Microsoft Office 365 can go a long way toward having everything in an accessible place.

The bottom line

Time spent preparing and educating will pay off in the long run. Many businesses never really recover from data loss. More scammers have been targeting veterinary practices over the last couple of years. But even though they don’t really want the data, you should take every precaution to properly store and back up the information in your software system. Because what scammers do know is that your practice needs the data, and you’re likely willing to pay to get it back.


Nancy Dewitz

Nancy has worked with veterinary practices for over 30 years in technical-related positions as well as marketing and consulting. She has held veterinary industry positions such as technical support staff, training, technical installation, practice management software sales, digital X-Ray support, and digital marketing. Finding her passion in consulting, Nancy owns her own business and is a past President (2020) of VetPartners, a practice management consultant member association. She brings a unique perspective to the technical side of veterinary practice and how workflow can impact patient care and practice efficiency.