As an IT professional, I always remind people to make sure their antivirus software is up-to-date and that they scan their computer regularly for malware.
While these items are important, the biggest threat to data security is social engineering. Social engineering is the act of convincing people to revealing information like passwords or credit card information. That means the biggest threat to computer security is … YOU.
The term social engineering was popularized by a computer hacker named Kevin Mitnick, who started using the practice at age 12. He eventually became a very successful computer consultant, but not until spending years illegally hacking.
Most of us have had a message pop up on our computer stating that we have a virus, but clicking on the link will eliminate it for free. Of course, there is no virus but clicking on the link graciously installs one for you. As an added bonus, they offer you the opportunity to purchase software to protect your computer from future virus attacks. Now the hackers have your credit card as well.
We have all received emails telling us either about a problem with the IRS and our taxes or about a problem that has caused our credit card to be locked. The email contains a link requesting additional information necessary to clear up the problem.
Each of these examples prays on a basic human emotion: fear. Instead of realizing that the IRS isn’t going to send you an email or that you just used your credit card a few hours ago so it’s probably ok, you quickly react out of fear without thinking.
One final method used to gather information is a call from your vendor verifying your username and password to take care of a software bug. It’s important to realize that your software vendor doesn’t ever need your password to assist you. If they do, it might be time to consider a new software vendor.
Here are some tips to keep your data (and your patients’ data) safe:
- Don’t share your password with anyone.
- Don’t click on links in email unless you are positive of the source. Instead type the link into your browser manually.
- Make sure the lock icon appears on secure sites before you enter sensitive information.
- Do not give out passwords, credit cards, or any other sensitive information to any unknown person who calls you. Instead, call the company back using a number that you know is correct (not the one given to you by the caller).
- If you or your friends send bulk emails, use the BCC feature in your mail program. Doing so protects everyone from harvesting programs that get installed when someone in your group accidentally clicks a link they shouldn’t.
No related posts.