Many of the issues we see in cybersecurity, whether you are in healthcare, retail, finance, etc., are by and large preventable. It is not about having a big budget or a large team of experts. No, some of it is just common sense. It is not unlike driving a car. When driving a car you take several basic, yet important, steps to try and lower your risk of an accident. You look both ways at a stop sign, you drive safely to avoid losing control, you keep your car in working condition, and just in case you are in an accident, you’re protected by your auto insurance.

Nothing really difficult. Does it mean you will never have an accident? Of course not, but you significantly lower your risk.

When trying to protect your organization’s information, some of the worst – and most common – information security errors are also the ones that are the most preventable. Let’s take a look…

Vigilance is often the first step. What do I mean by vigilance? It is simply not taking security for granted. Far too often I hear, “The chances something will happen to us are so small.” That always sounds good, until something happens.

Antivirus is something that is surprisingly overlooked. It is not always that organizations forget to install it; it is that they forget to keep it updated and the license renewed. If your antivirus is outdated, for any reason, it is almost as bad as having no protection.

Email security is often overlooked, even though it is one of the easiest targets for hackers and cyber-thieves. Whether it is due to lack of end-user training or lack of security in place, it is a huge target for hackers. First and foremost your email users should be trained on proper email safety, such as how to avoid phishing messages.

Firewalls these days are often the first line of defense, and for smaller shops they are often set up by the internet service provider. The bad thing about that is the provider often leaves the default username and password in place, which allows hackers to easily gain access to the firewall and let themselves in the door without knocking. This is generally a very easy change that takes only a few minutes to correct.

Speaking of passwords! I hate to break it to you, “1234” or “password” is a really, really poor password.

Finally, one of the most common mistakes in cybersecurity is…

Backups! I know some are saying, “What do backups have to do with cybersecurity?”


Not unlike having insurance for your car, it is only important when you need it the most. Backups are your insurance for bad things happening, whether it is a cybersecurity issue, an accidental file deletion, or a disaster. Having backups that are stored securely offsite is one of the most important steps to protect your business. There are many options to fit all budgets and organizations.

The biggest thing from all of this is to simply not overlook cybersecurity. I know it is easy to say, “It won’t happen to me,” but the odds are it will.

So, buckle up!

In recognition of October being National Cybersecurity Awareness Month, Third Rock is offering a FREE mini-Risk Assessment to promote the role cybersecurity plays in protecting your patients, your practice and yourself.  In addition, we welcome you to visit our HIPAA and Cybersecurity Resources page.  Do you have a cybersecurity question you’d like answered?  Email us at or give us a call at 512.310.0020.  We’d be more than happy to help!

Protect Your Patients.  Protect Your Practice.  Protect Yourself.™
