Your Practice Computer Security – The Russians Are Coming!

crime-scene-computerI had a bit of a scare yesterday.  The first thing in the morning, my office manager told me she couldn’t get the computer at the front desk working.  There was a pop-up window saying my hard drive was full.  Whaaaaaaa??   Sure enough, there it was.  Whisky.  Tango.  Foxtrot!  The computer had pretty much frozen up.  I could barely get it to do anything.

The computer has a 500 Gig hard drive, and I knew it couldn’t be even more than half full.  No way.  I checked the properties of the hard drive.  It was full.  But, full of what?  How??

Had I been hacked?  Did we get a virus?  Am I a victim of ransomware??  Please!  Not that!  Does Vladimir Putin have a vendetta against me?  I bet it’s those fucking Russians!  😉  Though, we didn’t get a pop-up ransom notice, so it probably wasn’t that.  I hope not!  But, I was sweating bullets!

I’ve got a guy!

So, I had my office manager call one of my local dentist friends for a recommendation for a “computer guy,” STAT!  Usually, the “computer guy” is ME.  I’m pretty tech-savvy, but I was too panicked computer frustrationto sort this one out while trying to play dentist at the same time.  In the meantime, I scrambled to check when we had our latest PMS (practice management software) backup to get it restored on my personal laptop.

Long story, short….  The “computer guy” was a gal, and she was at the office by 10:15 am.  It turns out the Windows “temp” folder was FULL of…. stuff…  temp files.  About 250 Gigs worth!  We didn’t figure out where they came from, but we deleted them, and presto!  Back in business within an hour!  Woohoo!

I rescheduled just one patient, as I knew my stress level and his personality were not going to be a good mix that morning.  “A man’s gotta know his limitations.”  And, that was before the fix.  My blood pressure went back to normal, once the “computer gal” got it figured out.  She also showed me how to check and monitor for this issue in the future.

I need to get the bejeezus back in me!

Laptop errorSo, boys and girls, what did we learn?  Sometimes a little scare can put us on notice to be diligent about protecting our data and backing it up EVERY DAY.  Our last available back-up was just a few days previous to this “incident.”  My office manager does it every day, but for some unknown reason, I could not find that last few days.  It wouldn’t have been a big deal to “reconstruct” those few days worth of transactions.  But, better to not have to do that at all.  Are you backing up to a reliable source every day?

Back your ass up!

My recommendation is to back up your data in more than one way, in order to have some redundancy as an added safety measure.  I’d pick at least two of these three:

Encrypted flash / thumb drive.

Encrypted flash / thumb drive.

  1.  Flash / thumb drive – They make some big ones these days (up to 32 Gigs).  And, you can get them encrypted for security reasons (in case it ended up in the hands of the wrong person).
  2. External hard drive – Available up to 4 TB (terabytes) in a portable drive that will fit in a shirt pocket.  Take it home every day!
  3. The “Cloud” – There are a number of online / off-site services you can use to back up data.  I use Dropbox.

Do it every day!  We do it at the end of the work day.

Talkin’ ’bout my restoration…

But, that’s not all, folks!  You can’t just blindly do back-ups every day and rest easy.  You MUST confirm that they are working!  Most of us have a personal laptop or desktop computer at home.  Install a copy of your practice management software on it and regularly RESTORE your PMS data to that computer.  Then open the software and make sure everything is there.  The easiest way is to check the last day’s schedule and see if the transactions are there.  Boom!  Done!  NOW, you can rest easy.

Most PMSes have a built-in back-up and restore function.  Learn how to use it.

Back-up / Restore window for Open Dental.

Back-up / Restore window for Open Dental.

Be vewy, vewy careful!

Elmer_fuddPlease be VERY careful about how you use your office computers online.  Teach your team to never click on links or open files in suspicious emails.  If we aren’t expecting it, we don’t open it.  PERIOD.  Likewise, I’ve taught my team to not click on suspicious pop-up windows.  Come get me!  It’s better to just shut down the computer than to click “OK” or “close” on a suspicious pop-up.

Never, EVER open a file attached to an email that you weren’t expecting or cannot be SURE of what it is first.  Never.  Ever.  Period.  I’ve drilled this into my team.  Never click on a link within an email, unless you KNOW where it goes and have a good reason to do so.

Don’t bank on it!

Lots of scam emails spoof legitimate sources.  Your bank will never EVER ask you to “confirm your information” by an email.  It may LOOK like the sender (“From”) is SunTrust Bank, but if you look more closely at the “from” email address, you’ll see that it isn’t.  They often use official-looking bank logos.  It’s all fake!  The same is true of links embedded in the email body.  The link might SAY “SunTrust Bank,” but it doesn’t go to their website.  If you HOVER (don’t click!) over the link, you’ll see the actual web address pop up at the bottom of your the email window.  And, it won’t be a SunTrust Bank website.

Email "phishing" from fake bank.

Email “phishing” from fake bank.  Your bank will NEVER ask you to “update” or “confirm” your account by email.  Never!  Other clues are…  The “From” email isn’t a bank address.  Ignore the easily-copied logo.  Do NOT click the embedded link.  See next illustration…

Email "phishing" from fake bank.

Never click on the embedded link.  But, if you HOVER (green arrow) your mouse over it (DON’T CLICK!), you’ll see a pop-up box with the actual destination address (red arrow), which, of course, isn’t the bank’s website.

Ooh!  A package for me??

Another recent scam that takes advantage of the holidays are fake notifications from UPS, Fedex, US Postal Service, or other postal delivery services.  The email says they tried to deliver a package unsuccessfully.  Just open the attached file and confirm your delivery information.  DON’T DO IT!  Fake, fake, fake!  And, opening that file may be the end of your data!

Notice the "from" email address (green arrow). It's not a UPS address. The email asks you to open the attached file (red arrow). Do. NOT. Do. That!

Notice the “from” email address (green arrow). It’s not a USPS address. The email asks you to open the attached file (red arrow). Do. NOT. Do. That!  You’ll also often find spelling and grammar errors:  “…. our courier cound not contact you.”

No porn surfing at work!  😉

Limit your web browsing to known and trusted sites.  The bottom line is that your team shouldn’t be “surfing” the web at work, and especially on office computers.  Any internet browsing should be for OFFICIAL BUSINESS ONLY.  I know you’re disappointed I didn’t provide any “illustrations” for this section!  😆

Practice safe computing, my fellow Dental Warriors!  “Ain’t nobody got time” for the kind of shit that can result from bad computer habits!

Digiprove sealCopyright protected by Digiprove © 2016 The Dental Warrior®
This entry was posted in Current Events, Technology, What Happened Today and tagged , , , , , , , . Bookmark the permalink.

6 Responses to Your Practice Computer Security – The Russians Are Coming!

  1. Susan says:

    “Back your ass up!” with a thumb drive…

    {head scratch}

  2. KP says:

    Great article!

    Be careful WHERE you back up. Make sure it’s HIPPA compliant. Things like dropbox are not, unless you have a business account.

    • The Dental Warrior says:

      Good point. There are different levels of products from Dropbox and similar services. The “free” accounts are not enough.

  3. David Moffet says:

    A great reminder of what’s right and wrong. Thanks Mike. Merry Christmas to you and your family

  4. Helen Smith says:

    For my main computer backup I have been using the external drive and for critical documents, I have been using in parallel Google Drive. For cleaning temp files and other garbage files CCleaner served me well for many years.

    It’s great that you included a little guide on how to spot fake emails. I think too many people get a virus by trusting suspicious emails.


Leave a Reply

Your email address will not be published. Required fields are marked *