Cybersecurity pearls for online shopping

November 27, 2017
4 tips to prevent a breach of personal, practice information.

Cyber Monday caps many Americans' post-Thanksgiving shopping weekend with some of the best online deals around, but with all those digital transactions occurring, don't forget smart cyber-stewardship.

Last year alone, Cyber Monday accounted for $3.45 billion in sales, going down as the largest-ever e-commerce day in U.S. history. All told, that Black Friday to Cyber Monday weekend accounted for a 15% bump in online sales over 2015, or $12.8 billion. That's a trend not likely to diminish this season, market experts predict, with more people opting to shop using their mobile devices rather than visiting traditional brick-and-mortar stores.

It's this online shopping frenzy that presents an opportunity for cybercrime and a potential nightmare for unaware, unprotected consumers. Given the sensitive nature of data collected by doctors of optometry, and the profession's bout with an ongoing data breach, consider these steps to safeguard yourself and your office systems during this holiday shopping season. 

  1. Be suspicious. Be wary of spam or unsolicited emails that may be attempts at sophisticated spear-phishing scams, encouraging you to click a malicious link that's masquerading as a familiar source. Be skeptical of any attempts to solicit personal, financial or network security information, and verify email or redirect website addresses before automatically clicking on a link.

  2. Be in control. Personal, financial or network security information that falls into the wrong hands can be costly and hurt your business dearly. If shopping online, use a credit card instead of a debit card, monitor your credit for fraudulent purchases, and check that the URL is secure and that you're connecting to the proper domain. A URL that begins with "https" indicates the website is secured using an SSL certificate.

  3. Be mindful of your passwords. Require secure passwords and authentication. Don't use commonly used passwords, such as "123456." The U.S. Federal Trade Commission (FTC) recommends using pass phrases and substituting numbers and characters for letters (an example would be using an ampersand for an "a" or a 3 for an "e"). An example of a pass phrase that would throw off cyberthieves, but would be easy to remember, might be "myfavoritefoodischocolate" but with special characters. Consider using multi-factor authentication as an effective way of preventing "credential stuffing."

  4. Be wary of your surroundings. While more and more people use mobile devices to do their online holiday shopping, it's important to remember that public Wi-Fi isn't secure. Ensure the connection that you're using is legitimate by verifying the connection's name or IP address.
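
For office staff who want to automate the link checks in tips 1 and 2 (a secure URL and the proper domain), the following Python sketch flags common red flags in a link before anyone clicks it. It is an added example, not part of the original article; the trusted domains, the warning names and the sample links are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the sites you actually intend to use.
TRUSTED_DOMAINS = {"shop.example", "bank.example"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for a link; an empty list means no red flags."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased

    # Tip 2: the address should begin with "https".
    if parts.scheme != "https":
        warnings.append("not-https")

    # "https://shop.example@other.test/" really connects to other.test.
    if parts.username or parts.password:
        warnings.append("userinfo-in-url")

    # A bare IP address instead of a name is unusual for a real store.
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        pass

    # Punycode labels can render as letters that imitate a familiar name.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")

    # Tips 1 and 2: the host must BE a trusted domain or a subdomain of one.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        warnings.append("untrusted-domain")
        # A trusted name that appears anywhere but the end is a masquerade.
        if any(d in host for d in trusted):
            warnings.append("lookalike-of-trusted-domain")
    return warnings

if __name__ == "__main__":
    for link in ("https://www.shop.example/cart",
                 "http://shop.example/deals",
                 "https://shop.example.account-verify.test/login"):
        print(link, "->", check_link(link) or "no red flags")
```

An empty result only means none of these specific red flags were found; it does not prove a site is legitimate.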

Although it might seem to go without saying to keep track of your device, in 2014 alone, 2.1 million Americans had smartphones stolen and another 3.1 million lost them altogether. If those devices contain passwords, work email or apps to remotely access the practice's EHR, then a lost device represents a HIPAA Security Rule violation and must be reported.

Read "Danger Data: The (Digital) Threat Within," in the May 2017 edition of AOA Focus.  
