Maintaining good email security is an important part of keeping your network secure and your patient information safe. Breach statistics consistently show that a large majority of cyberattacks, commonly cited at 75% or more, start with a phishing email, making email the top delivery method for malware and ransomware.
Email security needs to be addressed whether or not you use email to send patient information. Any time anyone, an employee or a patient, sends or receives email on your network, that connection is an entry point into your network. To protect the network, you need to determine what security controls are in place so that nothing malicious can piggyback on those email connections.
If you send or receive email on your office network, set up security around your email today:
1. Do not allow patients or employees to use personal accounts on your office network. Personal email accounts in particular should not be opened on office computers or on any device connected to the office network. This includes not allowing employees or patients to connect their personal phones, laptops, iPads, etc. to your office network: each of those devices is logged in to personal email, and from the moment it connects it is a possible entry point. If visitors need connectivity, put them on a separate guest network that cannot reach office systems.
2. If you do not already have your own email domain, getting one is the best first step toward securing your email. The domain is the part after the @ in an email address. For example, at TLD Systems our domain is tldsystems.com and one address set up on that domain is info@tldsystems.com. Many providers can host email for your domain. Choose one that:
- Marks incoming email that comes from outside your domain (for example, with an "External" banner) so that a message which merely looks internal stands out
- Scans links and attachments in email to identify whether they are malicious
- Can implement SPF, DKIM and DMARC for your domain
3. Once you have an email domain, good email security includes the following:
- Prescreened email: this usually happens at the email provider's end, or it can be done by antivirus software that scans your email before you open it
- Implementation of the following security protocols by your email provider:
* SPF - Sender Policy Framework is an email authentication protocol that lets domain owners specify which mail servers are authorized to send email for their domain. You publish the allowed IP addresses and servers as a TXT record in your domain's DNS; when a message arrives, the receiving server checks whether the sending server is on that list and, based on the final qualifier in your record (-all for "fail", ~all for "softfail"), fails or softfails the check. One caveat: SPF is evaluated against the envelope sender (the MAIL FROM / Return-Path address), not the From address the recipient sees, so on its own it does not stop a forged From line; that gap is what DMARC closes.
* DKIM - DomainKeys Identified Mail is an email authentication standard that uses cryptographic signatures to verify that a message was authorized by the sending domain and has not been altered in transit. The sending server signs selected headers and the body with a private key and adds the result in a DKIM-Signature header; the matching public key is published in the domain's DNS under a selector (for example selector._domainkey.yourdomain), so receiving servers can validate the signature. A valid signature proves the message was sent with the domain owner's authorization and arrived unchanged.
* DMARC - Domain-based Message Authentication, Reporting and Conformance builds on SPF and DKIM: it lets domain owners tell receiving servers how to handle messages that claim to be from their domain but fail authentication. A message passes DMARC only if SPF or DKIM passes and the authenticated domain aligns with the visible From domain. Your DMARC record (a TXT record at _dmarc.yourdomain) sets the policy to none (monitor only), quarantine, or reject, and its rua= tag tells receivers where to send aggregate reports, giving you visibility into who is sending mail using your domain. Start with p=none to collect reports, confirm that all of your legitimate senders pass, then move to quarantine and finally reject.
* If the email provider offers MFA (multi-factor authentication), enable it for every mailbox, including administrator accounts.
4. Implement employee phishing training: a phishing test sends a realistic but fake phishing email to employees to see how they react. The results measure the effectiveness of the training and show whether further training is needed.
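As an added example (not part of the original article and not TLD Systems' code), the following Python script shows what the SPF and DMARC records described under item 3 look like and how a receiving server combines SPF, DKIM and the DMARC policy into a verdict. The records, domains and message scenarios are constructed for illustration; example.com and attacker.example are placeholders, and org_domain() uses a simplification (last two labels) where real DMARC evaluation consults the Public Suffix List. In practice you would fetch your own records with `dig +short TXT yourdomain` and `dig +short TXT _dmarc.yourdomain`.

```python
"""Evaluate SPF/DMARC records and compute a DMARC verdict for a message.

Constructed example: the records below stand in for what a DNS TXT query
for example.com and _dmarc.example.com would return. The domains are
placeholders, not real infrastructure.
"""
import re

# Constructed DNS TXT records (what `dig +short TXT` would return).
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 include:_spf.google.com -all"
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=r; aspf=r"


def parse_spf(record):
    """Return (mechanisms, all_qualifier) for a v=spf1 record.

    all_qualifier is '+', '-', '~' or '?', or None if no 'all' term exists.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, all_q = [], None
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            all_q = m.group(1) or "+"   # bare 'all' means '+all'
        else:
            mechanisms.append(term)
    return mechanisms, all_q


def spf_weaknesses(record):
    """Flag SPF settings that let anyone send as your domain."""
    _, all_q = parse_spf(record)
    issues = []
    if all_q is None:
        issues.append("no 'all' term: unlisted senders are neutral, add -all")
    elif all_q == "+":
        issues.append("'+all' authorizes every server on the internet")
    elif all_q == "?":
        issues.append("'?all' is neutral and gives receivers nothing to act on")
    return issues


def parse_dmarc(record):
    """Parse 'tag=value;' pairs from a v=DMARC1 record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")   # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Organizational domain, simplified to the last two labels (assumption:
    real implementations use the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') accepts the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_verdict(dmarc_record, from_domain, spf_result, spf_domain,
                  dkim_result, dkim_domain):
    """Return (passes, disposition).

    spf_domain is the envelope MAIL FROM domain that SPF was evaluated on;
    dkim_domain is the d= tag of a DKIM signature. Either SPF or DKIM must
    pass AND align with the visible From domain for DMARC to pass.
    """
    tags = parse_dmarc(dmarc_record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    return False, tags.get("p", "none")


if __name__ == "__main__":
    print("SPF:", parse_spf(SPF_RECORD), spf_weaknesses(SPF_RECORD))
    print("DMARC tags:", parse_dmarc(DMARC_RECORD))
    # Legitimate mail: envelope and From both example.com, SPF passes.
    print("legit:", dmarc_verdict(DMARC_RECORD, "example.com", "pass", "example.com", "none", ""))
    # Spoof: attacker passes SPF for their own envelope domain but forges the From line.
    print("spoof:", dmarc_verdict(DMARC_RECORD, "example.com", "pass", "attacker.example", "none", ""))
```

The "spoof" scenario is the point of the SPF caveat above: the attacker's SPF check passes for attacker.example, yet DMARC rejects the message because that domain does not align with the From address the patient would see. Run the same function with a p=none record and the disposition becomes "none", which is why a monitoring-only DMARC policy should be a temporary stage, not the end state.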
In this era email is a main form of communication, and because of this it is also exploited in malicious ways. Although we cannot eliminate cyber attacks via email, implementing these measures will significantly reduce the risk to your email and your network. Reach out to TLD Systems to learn what steps you can take to mitigate risk in your office and educate your staff.
(631) 403 6687
https://www.tldsystems.com