Page 23 - GP Fall 2020
P. 23
CyberSecurity CyberHygiene
By Joseph DiDonato III, DDS MBA FAGD
Monday morning, August 29, 2019, in the Also, important to know is, why would they
beautiful waning days of summer before find you? The answer is not how valuable
Covid-19. We were aware of viruses- both your data is to a hacker- it is how valuable DON’T MISS THIS
the computer and the RNA type, but they your data is to you. When your data is held FREE WEBINAR!
were not ever present in our minds. That hostage for ransom you are now held hos-
is until ransomware shut down 400 dental tage to bad actors who will extort you for CyberSecurity and
offices. The event was even more signifi- money to return your system. Ransomware
1
cant because it was carried out by targeting has now become one of the most dangerous CyberHygiene
The Digital Dental Record, a provider of Cybercrime tactics facing healthcare. As
IT software to dental practices, and an en- dentists, we harbor private personal infor- for the Dental Office
terprise that is well aware of the dangers of mation (PPI), that is valuable for the enter-
ransomware. prise and we are perceived to have the funds
for extortion payoff. Couple that with vul- Friday, October 16th
Ransomware is an insidious malware that nerable systems and you have a target rich 10am - 12pm
threatens to lock your system or encrypt environment.
your data unless you pay a ransom. In the
2
last quarter of 2019 the health care industry IP Scanning
saw a 350% increase in ransomware attacks IP scanning is an automated way to scan
according to a study by Corvus, an IT con- many Internet Protocol address (IP address)
sulting firm that studies attacks on the IT in- it is your specific address on the internet and
frastructure. And they predict it will only while you may think that you are simply one
3,4
increase. out of millions, which is true, remember,
computers are very good at methodically
Cybersecurity is now a term in our practice going through millions of addresses in a study showed that the presence of an open
liability lexicon that ranks among the larg- very short time. To be sure, anything you port was associated with a 37% greater like-
est of risks. This is because at once we have put on the internet is probably scanned in a lihood of a ransomware attack.
vulnerable systems and large penalties for short period of time. This is being done by
5
having a data loss. Central to this risk is the everything from research entities to bad ac- To protect your system, you can check with
17
problem of human factors which increase tors who are looking for easy targets. And your IT vendor to run a survey of your sys-
https://en.wikipedia.org/wiki/Rainbow_table
our risk due to poorly configured systems, what the bad guys are looking for is the door tem for open ports. Or you can run a report
human factors mistakes- like falling prey to you left open- an open computer port. by going to Angry IP Scanner. (Figure 1)
6
phishing attacks and reluctance to use good This is a free program you can download,
password practices. This article attempts to To understand your vulnerability, you and it will scan your IP address and provide
highlight important topics and some ‘cy- should monitor your attack surface- this is a report on the condition of your system, in-
Figure 1
ber-hygiene’ you may take to decrease your computer lingo to
risk. mean the number
of ports that are
When we think of cybersecurity, we are open on your sys-
tempted to think that we are a small fish tem. The more
in the sea. That because there are so many ports you have
more fruitful targets, we represent an insig- open equals great-
nificant target to any bad actor. However, er vulnerability.
nothing can be further from the truth. This is Generally, den-
often referred to as ‘security by obscurity’. tal offices have a
limited number of
In cybersecurity there are many questions ports and it is far
one can ask but two of the most import- easier control and
ant are, “How would they find me?” and, defend a smaller
‘“Why would they find me?” Let’s look at number of ports.
both questions. The vulnerability
comes from pro-
To be sure, a bad actor does not need to find grams like Mi-
you specifically to attack your system. IP crosoft Remote
address scanners are software programs that Desktop Protocol
can scan the internet, searching millions of (RPD) which al-
IP addresses (at random) for open ports that lows you to access
are vulnerable for attack. That is how they your system off-
identify your open system. site. The Corvus
Figure 1.
www.nysagd.org l Fall 2020 l GP 23