Cybersecurity pearls for online shopping

November 27, 2017
4 tips to prevent a breach of personal, practice information.

Cyber Monday caps many Americans' post-Thanksgiving shopping weekend with some of the best online deals around, but with all those digital transactions occurring, don't forget smart cyber-stewardship.

Last year alone, Cyber Monday accounted for $3.45 billion in sales, going down as the largest-ever e-commerce day in U.S. history. All told, the Black Friday-to-Cyber Monday weekend accounted for a 15% bump in online sales over 2015, or $12.8 billion. Market experts predict that trend is not likely to diminish this season, with more people opting to shop using their mobile devices rather than visiting traditional brick-and-mortar stores.

It's this online shopping frenzy that presents an opportunity for cybercrime and a potential nightmare for unaware, unprotected consumers. Given the sensitive nature of data collected by doctors of optometry, and the profession's bout with an ongoing data breach, consider these steps to safeguard yourself and your office systems during this holiday shopping season. 

  1. Be suspicious. Be wary of spam or unsolicited emails that may be attempts at sophisticated spear-phishing scams, encouraging you to click a malicious link that's masquerading as a familiar source. Be skeptical of any attempts to solicit personal, financial or network security information, and verify the sender's email address and the website address a link points to before clicking on it.

  2. Be in control. Personal, financial or network security information that falls into the wrong hands can be costly and hurt your business dearly. If shopping online, use a credit card instead of a debit card, monitor your credit for fraudulent purchases, and check that the URL is secure and that you're connecting to the proper domain. A URL that begins with "https" indicates that the website is secured using an SSL certificate.

  3. Be mindful of your passwords. Require secure passwords and authentication. Don't use commonly used passwords, such as "123456." The U.S. Federal Trade Commission (FTC) recommends using pass phrases and substituting numbers and characters for letters (an example would be using an ampersand for an "a" or a 3 for an "e"). An example of a pass phrase that would throw off cyberthieves, but would be easy to remember, might be "myfavoritefoodischocolate" but with special characters. Consider using multi-factor authentication as an effective way of preventing "credential stuffing."

  4. Be wary of your surroundings. While more and more people use mobile devices to do their online holiday shopping, it's important to remember that public Wi-Fi isn't secure. Ensure the connection that you're using is legitimate by verifying the connection's name or IP address.

Although it might seem to go without saying to keep track of your device, in 2014 alone, 2.1 million Americans had smartphones stolen and another 3.1 million lost them altogether. If those devices contain passwords, work email or apps to remotely access the practice's EHR, then a lost device represents a HIPAA Security Rule violation and must be reported.

Read "Danger Data: The (Digital) Threat Within," in the May 2017 edition of AOA Focus.  
