Cybersecurity pearls for online shopping

November 27, 2017
4 tips to prevent a breach of personal, practice information.

Cyber Monday caps many Americans' post-Thanksgiving shopping weekend with some of the best online deals around, but with all those digital transactions occurring, don't forget smart cyber-stewardship.

Last year alone, Cyber Monday accounted for $3.45 billion in sales, going down as the largest-ever e-commerce day in U.S. history. All told, that Black Friday-to-Cyber Monday weekend accounted for a 15% bump in online sales over 2015, or $12.8 billion. That's a trend not likely to diminish this season, market experts predict, with more people opting to shop using their mobile devices rather than visiting traditional brick-and-mortar stores.

It's this online shopping frenzy that presents an opportunity for cybercrime and a potential nightmare for unaware, unprotected consumers. Given the sensitive nature of data collected by doctors of optometry, and the profession's bout with an ongoing data breach, consider these steps to safeguard yourself and your office systems during this holiday shopping season. 

  1. Be suspicious. Be wary of spam or unsolicited emails that may be attempts at sophisticated spear-phishing scams, encouraging you to click a malicious link that's masquerading as a familiar source. Be skeptical of any attempts to solicit personal, financial or network security information, and verify email or redirect website addresses before automatically clicking on a link.

  2. Be in control. Personal, financial or network security information that falls into the wrong hands can be costly and hurt your business dearly. If shopping online, use a credit card instead of a debit card, monitor your credit for fraudulent purchases, check for a secure URL, and confirm that you're connecting to the proper domain. A URL that begins with "https" indicates that the connection to the website is encrypted using an SSL certificate; it does not by itself confirm who runs the site, which is why checking the domain still matters.

  3. Be mindful of your passwords. Require secure passwords and authentication. Avoid commonly used passwords, such as "123456." The U.S. Federal Trade Commission (FTC) recommends using pass phrases and substituting numbers and characters for letters (an example would be using an ampersand for an "a" or a 3 for an "e"). An example of a pass phrase that would throw off cyberthieves, but would be easy to remember, might be "myfavoritefoodischocolate" but with special characters. Consider using multi-factor authentication as an effective way of preventing "credential stuffing."

  4. Be wary of your surroundings. While more and more people use mobile devices to do their online holiday shopping, it's important to remember that public Wi-Fi isn't secure. Ensure the connection that you're using is legitimate by verifying the connection's name or IP address.

Although it might seem to go without saying to keep track of your device, in 2014 alone, 2.1 million Americans had smartphones stolen and another 3.1 million lost them altogether. If those devices contain passwords, work email or apps to remotely access the practice's EHR, then a lost device represents a HIPAA Security Rule violation and must be reported.

Read "Danger Data: The (Digital) Threat Within," in the May 2017 edition of AOA Focus.  
