Yes, when I tell a medical practice they need to ban access to non-business websites…well, let’s just say most people freak.
There are 2 main reasons I recommend banning access to unnecessary websites:
- Productivity – do you really need your staff updating their Facebook status during work?
- Security – doing non-business related thing increases the opportunity for viruses, malware and other security related issues.
“But I have anti-virus…”
Folks, let me clarify something for you – you can have an alarm system on your house, but if you let the burglar in, that alarm system is doing you no good.
The same goes for anti-virus. You can have the best anti-virus going, but if you go to a website that have a “malicious” link or you receive an email with a “malicious” in it, you have just opened the door and let the burglar in.
As luck would have it, I just received a nice example of one of these emails.
Don’t worry, what you see below is just an image of the email with a malicious link:
Let me point out a few things about this email that should make you suspicious:
- I don’t know who neil julie is.
- I don’t know who any of the other people are, even though there are just first names
- I have no reason to be expecting anything from “google support”.
But this isn’t really why I started to write this post, the real reason is the UW Medicine data breach.
This breach of over 90,000 patient’s info was made possible by an email attachment received by a staffer.
I know you are thinking to yourself: “self, that can happen whether they are using their person email or their business email.”
I respond by saying: TRUE.
BUT – what we are trying to do is reduce risk.
By limiting the number of outside source from which you and your staff can receive trick emails, you are reducing the risk to your practice.
Again, reducing risk is the goal here, as we will never fully eliminate the risk.
So I say to you, ensure your practice HIPAA policies include the absolute elimination of checking personal email or going to non-business related sites.
When your staff gets upset, go ahead and blame it on me…I’m ok with that.