If your practice is like most others, you have a lot of mobile devices in use. These could be mobile phones that you supply to employees for work or tablets used in kiosks or for patient documentation. Regardless, nearly everyone has a smartphone now and it likely contains sensitive information such as your authenticator app, email, or even messages concerning patient care. In this article, we are going to show you how you can secure mobile devices in your practice to help make sure you don’t suffer a breach.
How to secure mobile devices in your practice
For the purposes of this article, mobile devices are smartphones and tablets. Both are in widespread use in medical practices across the country. However, because of this, they also present a juicy target for attackers who want to gain access to the patient information you have.
We’ve put together a list of things you can do to greatly reduce the risk that your device is hacked. Only one of these involves spending any money and they are all easy to do. The goal is to provide you with easy steps to follow to help you secure mobile devices in your practice.
Keep your devices up to date
This is the single most important thing you can do. Periodically, both Google and Apple release updates for their operating systems. These updates contain new features and bug fixes. But they also contain fixes to any security-related issues that were discovered since the last update was released. Both vendors have generally been good at releasing these updates, especially when they patch major security issues.
It is very important that when these updates come out, you install them on all devices in your practice. We are going to show you some easy things you can
Use a strong password for your device
Fingerprints and facial recognition are fine, but you also need to be sure that you use a strong password. Don’t use the screen pattern or a numerical PIN. This password is your last defense if someone were to steal your device. It also ensures that all private information that may be contained on your mobile devices is kept secure. Keep in mind that if you’re using multi-factor authentication (you are, right?) then the authenticator app is on your mobile device.
Don’t click on links in email or SMS messages
This is the most common way in which mobile devices are compromised. In fact, this is how Jeff Bezos was attacked. Agents working for Saudi intelligence sent a message to him through WhatsApp that contained a link to malware. You can read more about that here.
Don’t click on any link from anyone, whether it comes via email, SMS, WhatsApp, or any other messaging app. It is asking for trouble and a good way to have your device compromised.
Ignore calls from numbers you don’t recognize
Similar to not clicking on any links, if you don’t recognize the number that is calling, let it go to voicemail. Scammers are using mass calling in an attempt to get people on the phone and then social engineer the person into installing apps on their device. If the call is from someone you know, they will leave a message or send you a message another way. Don’t give scammers the opportunity to try and scam you by getting you on the phone.
If using public WiFi, use a VPN
WiFi in public can be safe, but the problem is that attackers can set up what are known as evil twin access points. These look just like the free WiFi in Starbucks or other restaurants but are, in fact, controlled by the attacker. The attacker can intercept all traffic and, in some cases, redirect you to the non-encrypted versions of websites. This may allow them to capture your login information for certain websites.
To protect yourself against these kinds of attacks, you can use a Virtual Private Network (VPN). This software creates an encrypted tunnel from your device to the VPN company so that all traffic goes through it. This protects you from anyone intercepting your internet traffic.
Don’t install apps that you aren’t 100% sure about
Cybercriminals are always trying to sneak their apps into the Apple App Store and the Google Play Store. They know that if they can get their app into the stores, there is a good chance users will trust and install it. Because of this, we need to be more discerning with the apps we are going to install on our phones and tablets. If you aren’t 100% sure about the app, what it does, and what risk you are taking, don’t install it.
Another good habit is to periodically go through all the apps on your device and uninstall any that you haven’t used in a long time. Apps also can contain security issues and many app developers never go back to patch them. No reason to keep apps on your devices that you aren’t using that could increase your device’s attack surface.
If you’re not using WiFi and Bluetooth, turn them off
This one may come as a shock to many. When your WiFi is turned on but it isn’t connected to a WiFi network, it is constantly broadcasting the names of all of the saved WiFi networks in your device. It does this because it is always looking for those networks so it can connect. But someone with the right equipment can collect this information and then use it to build a list of the places you frequent. Also, since many businesses name their WiFi access points after the name of their business, this can sometimes reveal personal information about you that you may not be comfortable with others knowing. Imagine if you had visited a specialist for treating cancer and had used their WiFi. In one case that we worked on, we were able to show that the spouse of our customer had been to several local motels because they had used the WiFi in those locations.
Bluetooth is also a very serious risk. Most Bluetooth implementations weren’t designed with security in mind. There are a great many types of attacks available that range from listening in on a phone to accessing information on the device itself. If you are not using Bluetooth on your device, turn it off.
That is our short list of what you can do to help ensure you secure mobile devices in your practice. These are all easy to do and greatly reduce your risk of being successfully attacked by hackers and scammers.