Page 23 - GP Fall 2020
P. 23

CyberSecurity CyberHygiene

                                            By Joseph DiDonato III, DDS MBA FAGD


      Monday morning, August 29, 2019, in the  Also, important to know is, why would they
      beautiful  waning days of summer before  find you?   The answer is not how valuable
      Covid-19.  We were aware of viruses- both  your data is to a hacker- it is how valuable   DON’T MISS THIS
      the computer and the RNA type, but they  your data is to you.  When your data is held   FREE WEBINAR!
      were not ever present in our minds.  That  hostage for ransom you are now held hos-
      is until ransomware shut down 400 dental  tage to bad actors who will extort you for   CyberSecurity and
      offices.   The event was even more signifi-  money to return your system.  Ransomware
            1
      cant because it was carried out by targeting  has now become one of the most dangerous   CyberHygiene
      The Digital  Dental Record, a provider of  Cybercrime  tactics  facing  healthcare.    As
      IT software to dental practices, and an en-  dentists, we harbor private personal infor-  for the Dental Office
      terprise that is well aware of the dangers of  mation (PPI), that is valuable for the enter-
      ransomware.                           prise and we are perceived to have the funds
                                            for extortion payoff.  Couple that with vul-  Friday, October 16th
      Ransomware is an insidious malware  that  nerable systems and you have a target rich   10am - 12pm
      threatens  to  lock  your  system  or  encrypt  environment.
      your data unless you pay a ransom.   In the
                                   2
      last quarter of 2019 the health care industry  IP Scanning
      saw a 350% increase in ransomware attacks  IP scanning is an automated  way to scan
      according to a study by Corvus, an IT con-  many Internet Protocol address (IP address)
      sulting firm that studies attacks on the IT in-  it is your specific address on the internet and
      frastructure.  And they predict it will only  while you may think that you are simply one
                 3,4
      increase.                             out of millions,  which is true, remember,
                                            computers  are very good at methodically
      Cybersecurity is now a term in our practice  going through millions of addresses in a  study showed that the presence of an open
      liability lexicon that ranks among the larg-  very short time.  To be sure, anything you  port was associated with a 37% greater like-
      est of risks.  This is because at once we have  put on the internet is probably scanned in a  lihood of a ransomware attack.
      vulnerable systems and large penalties for  short period of time.  This is being done by
                                                            5
      having a data loss.  Central to this risk is the  everything from research entities to bad ac-  To protect your system, you can check with

                                                            17
      problem  of human  factors  which  increase  tors who are looking for easy targets.  And  your IT vendor to run a survey of your sys-
                                                              https://en.wikipedia.org/wiki/Rainbow_table

      our risk due to poorly configured systems,  what the bad guys are looking for is the door  tem for open ports.  Or you can run a report

      human factors mistakes- like falling prey to  you left open- an open computer port.  by going to Angry IP Scanner.  (Figure 1)
                                                                                                           6

      phishing attacks and reluctance to use good                                This is a free program you can download,
      password practices. This article attempts to  To understand  your vulnerability, you  and it will scan your IP address and provide

      highlight  important  topics  and  some  ‘cy-  should monitor your attack surface- this is  a report on the condition of your system, in-
                                                            Figure 1
      ber-hygiene’ you may take to decrease your  computer lingo to
      risk.                                 mean the number
                                            of ports that  are
      When  we think  of cybersecurity, we are  open on your sys-
      tempted  to  think  that  we  are  a  small  fish  tem.    The more
      in the sea. That because there are so many  ports you have
      more fruitful targets, we represent an insig-  open equals great-
      nificant  target  to  any  bad  actor.  However,  er   vulnerability.
      nothing can be further from the truth. This is  Generally,  den-
      often referred to as ‘security by obscurity’.   tal  offices  have  a
                                            limited number of
      In cybersecurity there are many questions  ports and it is far
      one can  ask but two of the  most import-  easier control and
      ant  are,  “How  would  they  find  me?”  and,  defend a smaller
      ‘“Why would they find me?” Let’s look at  number of ports.
      both questions.                       The  vulnerability
                                            comes  from pro-
      To be sure, a bad actor does not need to find  grams like Mi-
      you specifically to attack your system.  IP  crosoft  Remote
      address scanners are software programs that  Desktop Protocol
      can scan the internet, searching millions of  (RPD) which al-
      IP addresses (at random) for open ports that  lows you to access
      are vulnerable for attack.  That is how they  your system off-
      identify your open system.            site.    The  Corvus
                                                            Figure 1.


                                                                                      www.nysagd.org l Fall 2020 l GP 23
   18   19   20   21   22   23   24   25   26   27   28