In an effort to keep your practice safe in a time of heightened cybercrime, we bring to you another cyber security spotlight. Forbes reports that cybercrime is likely to accelerate in 2021, especially in healthcare. Largely, this is due to how rich patient medical data is to thieves. With the data they collect by infiltrating your practice’s information, they easily social engineer their way into patient’s wallets. This makes it all the more important to understand the different kind of threats your practice faces. Today we cover spear phishing: what is spear phishing, how is it different from phishing, and how can your practice protect itself against it? Let’s find out.
What is spear phishing?
Digital Guardian defines spear phishing as “a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.” The cybercriminal does this by acquiring personal details on their victim. This could be hometown, friends, purchase history, place of work, frequent shopping locations, etc. From there, they engage with their target via email or online messaging by disguising themselves as a friend or another trustworthy source they believe their target would speak with.
What is difference between spear phishing and phishing?
Phishing attacks are often confused with spear phishing attacks. This is mostly due to both being online attacks used to acquire information on their victim. Phishing attempts are often broad, untargeted attacks sent to multiple people at once. They are used to steal any type of information that a cybercriminal can get their hands on. The goal of a phishing attack is usually to disguise an email as a trusted source in order to have the recipient open a link or an attachment that then provides the cybercriminal with personal information.
The main difference between spear phishing and phishing attempts is the targeting of the attacks. Spear attempts target one person through researching who they interact with, how they shop, and other online habits in order to build trust and steal information. This makes their communications with their targets seem more legitimate, leading to them being more likely to obtain the information they are seeking from their victim. Phishing is an attempt to send communication on a broader scale with the hopes of someone opening a link or attachment. That click allows the thief to obtain that sought after information.
How can you protect your practice from spear phishing?
There are a handful of ways that all of us can protect ourselves online and in turn, protect our practices, too. Some of those ways include the following…
- Be mindful of what you post on the internet: We are in the age of social media which means many of us post A LOT of personal information online. This makes us easy targets for spear phishing attempts. On your Facebook account, do you list your hometown, family members, where you went to college, stores you like, and other personal items? You are giving a cybercriminal a gold mine of information that they can use to target you. If you want all of this visible to your friends, which is understandable, just make sure you lock down your privacy settings. Pro tip: only accept friend requests from people you know!
- Use smart passwords: Many of us use variations of the same password across multiple platforms. It is easier to remember, easier to access, and more convenient. Additionally, it is also easier for cybercriminals to get into your accounts if they can crack one of your passwords. All of your passwords should vary from one to the other to make it more difficult for thieves to get into your accounts.
- Update your software often and always: It is important to always run software updates as they are available. This helps to protect your system from common attacks and uncover vulnerabilities in your software.
- Use logic: If something seems phishy, go directly to the source! If your boss sends you an email that seems off, email your boss directly in a separate email and confirm if they’ve connected with you. If your bank sends you an email with misspellings and a link, visit your bank website directly. Be logical in your thinking and your approach to emails and communications that seem off or that were unexpected. You could save yourself and your organization a lot of problems.
The bottom line is that cyber criminals are lurking on the web and they are watching and waiting to make their move. Be logical, talk to trusted sources, and always verify information before clicking on anything.
Are you looking for a cyber tool to help you expose vulnerabilities and keep your practice safe? MicroMD has solutions for your practice like Medical Guardian and MicroMD eBackup to back up your information. Learn more today at micromd.com/marketplace or call us at 800.624-8832.
About the author,
Savanna is the Marketing Communication Specialist at Henry Schein MicroMD. She schedules emails to clients, prospects, and VARs, manages social media accounts, performs research, writes blogs and eBooks, and much more while helping to support the simple yet powerful MicroMD solutions.
Looking for PM or EMR Software?
MicroMD PM and EMR/EHR is flexible and can fit almost any specialty. Let us help you get back to the business of healing.