Can We Be Technically Secure in Our Technological Security?

| December 7, 2014
Technological Security

“For Technological Security, MyOutcomes uses encryption for storage of client data as well as for transmitting data to and from their customers”

Technological advances typically bring improvements in the way humans can live. They also bring new threats pertaining technological security and anxieties. The domestication of the horse allowed our ancestors to travel greater distances in shorter periods of time. It also allowed small bands of men to quickly raid villages and getaway before a response could be mustered. The invention of the wheel allowed our ancestors to carry larger amounts of supplies over vast distances. It also resulted in the development of chariots, those state-of-the-art killing machines of the ancient world. That was a threat that would have made anybody anxious.

Today, we have computers, mobile phones and the internet. These advances have led to more effective and efficient ways to store and share data, as well as to communicate with each other. It is only during the last decade or so that we have begun to truly mine the capacity of these technologies to inexpensively provide services such as MyOutcomes, which offers PCOMS Outcome Rating Scale (ORS) and Session Rating Scale (SRS) software to psychotherapists who desire to be more successful in helping clients reach their treatment goals.

Along with these advances, also come new threats. Over the last couple of years, we have become aware that governments have been sponsoring cyber-attacks and hacking activities, not just against other governments, but also against the private sector in order to steal research and private information. Organized criminal gangs are likewise finding that hacking into systems can be extremely profitable as they steal credit information. And then there are the little wannabe hackers who wish only to prove how clever they are.

The problem is not a small one. According to the security software company Symantec, over a half of a billion people had their identities stolen in 2013. The US Department of Health and Human Services reports that during that same time period, an average of 25,000 Americans had sensitive health information breached each day.

Much of the electronic threats come in the form of malicious software. These programs come in the form of viruses, Trojan horses, worms and backdoor programs. Some of this software is designed to acquire information. Spyware, for example, monitors your activity and is often used for gathering information for marketing. Phishing refers to software that monitors your activity in an attempt to collect more private information such as passwords. Other software might create a “trapdoor” that allows someone to sneak into your system or imitate you so that they can gain access. Finally, there is software with the sole purpose of destroying your data or corrupting your system!

In the face of all of this, what can the average agency or psychotherapist do? The bad news is not much. The cost for cutting-edge technology to protect against these powerful threats would be prohibitive. The good news is that the average small business or individual are not primary targets. They aren’t worth the effort. So, the Chinese military and the Russian mafia won’t be expending tremendous energy to crack into your system…unless you have sensitive information on high profile individuals.

That doesn’t mean that if you leave your system vulnerable that they won’t take a look and see what they can get. Nor does it mean that someone who likes to snoop around won’t make an attempt to see how far they can get. And, of course, if you don’t protect yourself from the malicious software, you leave yourself open to all sorts of problems.

HIPAA, of course, requires covered entities e.g. psychotherapists, as well as business associates e.g. MyOutcomes®, to do what they can to protect the privacy of their clients and make their protected health information secure against those who want it, but should never see it. Ultimately though, agencies and psychotherapists, who take the necessary steps needed to protect the privacy of their clients and secure their information, are making a good business decision. So, what can be done?

First, make sure that those tech companies you do business with e.g. your server company, the Cloud-based company you use for data storage or backup, and the software companies whose products you use, take security seriously. One way this is demonstrated is by keeping security patches up-to-date. Another way is the use of encryption. For example, MyOutcomes uses encryption for storage of client data as well as for transmitting data to and from their customers.

A second step that can be taken is to put good security software on your own system. There are quite a few products that are available in providing real-time security. These programs run in the background, monitoring any interaction via the internet for threats. An additional source for protection is on-demand security software. Not being part of the system operations, these programs can be run periodically from the “outside” to determine if anything unwanted has slipped through. Of course, it is important to keep your system updated, especially in regards to security patches, as well has keep your security software updated.

A third step, and a critical one at that, is to create hard to crack passwords. This is the place that all data is most vulnerable, so it makes sense that by making it difficult to gain entry, your data will become more secure. Unfortunately, a lot of people don’t create good passwords. Instead, they use things like dates of birthdays or number sequences like the first five numbers or some have been known to use all zeroes.

There are two tricks to creating difficult to crack passwords. First, the more characters that are used, the greater the challenge for would be hackers. A minimum of seven characters is now suggested. However, more is even better. I know a security expert who creates haikus for his passwords. Not only does this significantly increase the number of characters used, but it satisfies the second trick which is to make a password that isn’t predictable. An ideal password is made up of letters, digits and symbols. For example, MyOutcomes passwords, whether for staff or customers, need to be at least seven characters with at least one upper-case letter, one lower-case letter, one symbol, and one number.

Randomly generated passwords can be ideal but they can also be difficult to remember. However, security programs are beginning to offer virtual “lock boxes” where you can store all of your passwords. Of course, you will still need to remember your password for accessing the lock box. Even if you take the steps to create and store passwords, it is still recommended that you periodically change all of your passwords.

MyOutcomes, as your partner, works diligently to insure the security of your clients’ personal information. MyOutcomes is also working to stay ahead of the game, so to speak, in order to insure that security in the future. As our partners, our clients also need to do what they can as they are the first line of defense against attempts at intrusion. This means having up-to-date security software, strong passwords with a schedule for changing them on a regular basis and, as simplistic as it seems to say, never leaving your computer on and unattended.

For more information, please get in touch with MyOutcomes on www.myoutcomes.com or call us toll-free on 1-877-763-4775.

Pinterest Twitter Facebook Linkedin Youtube Email

Tags: , , , , ,

Category: MyOutcomes

Comments are closed.