If you’re like most people, you don’t know what you don’t know.
Let’s take a look at some common misconceptions mental health providers tend to have about cyber security:
No one wants to hack me.
This is dangerous thinking on two fronts.
First: small health care providers like you are *cherry* targets for hackers. You have all sorts of juicy PHI that can be sold on the black market, and (so far) no security budget or expertise on staff. Can you say “candy from a baby?”
Second: the vast majority of hacks aren’t against a particular target, at least not at first. They’re automated routines that scour the Internet, looking for weak spots and targets of opportunity. If your computer isn’t hardened against these automated attacks, it’ll be compromised without a hacker ever having heard of you.
I use a secure online portal for client information, so I'm safe.
That’s a good start, and something I strongly recommend to all my clients, but it’s not enough.
Where does the information you put in your portal come from? That’s right: your computer. If your computer is compromised, say by a keylogger, a hacker will have a copy of everything you type.
Even worse, if a hacker grabs your credentials for the portal and pivots to hack that, where do you think the lawyers are going to lay the blame?
I already have Norton / McAfee / another security product.
And it’s time to upgrade.
Your clients are trusting you with the most personal details of their lives, and they deserve the best services you can give them, including the best security.
You wouldn’t protect your office with a foam-core door; don’t make the same mistake with your computer.
It's too complicated / time-consuming.
You’re a smart person (you have to be, to be in this field!) and you can definitely figure all this stuff out. But is that how you really want to spend your time?
That’s why handing your cyber security off to a professional makes all the sense in the world.
It's too expensive.
What’s it worth to you to have the trust of your clients?
For less than a monthly cell phone plan, you can rest assured that you’ve taken appropriate measures to protect both your clients and your business.
That’s not an expense, it’s an investment in your business; in yourself.
I already have a computer person who takes care of my stuff.
Asking for help is the first step, right? 😉
Having a trusted geek to help you with computer things is really good, and I’d never suggest that you leave that person behind.
Instead, ask them about your security posture. When’s the last time you’ve had a verified-good backup? What’s your DNS filtering policy? How sure are they that there’s no malware on your workstation?
I can add my experience and tool set to that of your current computer person and work with them to make sure that your practice runs more smoothly than ever before!
I don't know you. You could be a hacker.
That’s the best objection: You don’t know or trust me.
The only way to really overcome this is for us to meet each other so you can do a gut-check on me. Do I seem legit to you, or do I ping your radar somehow?
- I have several industry-standard security certifications, including the CISSP, GPEN, and GWAPT. Basically, those indicate that I’ve spent years studying cyber security from the standpoint of how attacks work, how to defend against them, and how to ensure business-critical processes stay protected.
- I have happy clients in several states in the upper-Midwest, and am willing to put you in touch with them if you like.
- I’ve been involved with cyber security at several levels, including small business, local and state government, and multi-state health care.
- I’m a husband, a father, and have a blended family with three teens in the house (whee!). When I’m not geeking out about cyber security or small businesses, I try to spend as much time as possible playing outside in the woods and on the water with my family and friends.