Joseph Axne
Joseph Axne is the founder and owner of IT-Guru, a provider of information technology services to veterinary practices. He previously headed technology infrastructure for the nationwide 911 dispatch system of American Medical Response, a medical transport company.
A lot of veterinary clinics use free email services. That’s a problem for more than one reason. First of all, a free service such as @gmail, @yahoo or another generic provider could drive away business. Your use of one can leave the impression that your practice is somewhat amateurish, tainting your credibility. It also can impair the recruitment of quality job candidates. While those are just two concerns, I want to focus here on how business-class email providers help mitigate security threats and safeguard your data and profits.
Free email services provide no real centralized management or protection of a customer’s digital assets. On the other hand, a centralized business-class portal permits the control of all company mailboxes from a main console. Typically, the veterinary practice owner or manager administers the platform and decides who gets an email address. Central management is key to ensuring that you dictate any account additions, deletions and changes. Not having control could mean that a veterinarian or staff member who leaves the practice retains control of a personal email address.
A business-class system also should allow you to block or restrict a separated employee from accessing an email account from a personal device. Ensuring that you have direct access to a practice-owned email account is essential if you want to review communication sent or received by an employee.
Centralized business-class systems support the enforcement of certain security policies. I recommend MFA (multifactor authentication) or 2FA (two-factor authentication). These safety measures bar access with only a username and password. Instead, a second verification step, such as a code sent by cell phone text message, is needed to confirm the user’s identity and prevent a hacker from gaining control of the mailbox. MFA/2FA enforcement should be a requirement for all users.
Another precaution involves password complexity and periodic password changes. Stay away from easily guessed passwords. Instead, require uppercase and lowercase characters, numbers, at least one special symbol and a minimum of eight characters.
Business-class centralized email solutions come with basic protections, but here are four other considerations to ensure your practice is fully protected.
1. Have a Backup Solution
Business-class email providers do not back up your accounts, so I recommend the use of an email duplication service. The backup should retain multiple copies of the inbox over at least the past 90 days. For example, if an employee left the practice unexpectedly and deleted the mailbox, a backup could restore it. I’ve seen online services mistakenly delete a customer’s email accounts, but a full backup allowed for a fast restoration.
2. Add a Third-Party Spam/Virus Solution
Spam can be a huge waste of time. Almost all users get onto an email list, and their inboxes are soon flooded with distractions (legitimate or not) from vendors and other businesses. Most business-class email systems come with basic spam protection, but a third-party solution keeps inboxes as clean as possible and allows you and your staff to focus on client care. Spam solutions also should screen for malware and viruses so that potentially harmful attachments or web links don’t infect your computer network.
3. Add Phishing Protection
This step is a must, given all the security threats out there. Phishing is on the rise and is effective in spreading ransomware. Hackers can easily create an email that looks almost identical to what a vendor would send, potentially leading to an extortion attempt. Therefore, install a phishing filter so that employees learn of potentially harmful emails.
4. Permit Ethical Phishing Training
Business-class email allows you to run ethical, unannounced phishing tests on your employees. Once hooked, the employees can be taught why the email wasn’t legitimate and how to fend off future phishing attempts. The companies report to you which users need further training.
When it comes to business-class email services, I recommend Microsoft Office 365 and Google Workspace. Both are paid subscriptions that allow a practice owner to manage and enforce the policies described above. Layering such a solution with other security features should be considered as well.
Stop using generic email. Give your practice a more professional image and protect its assets as best you can.
AS PHONY AS PHISH
Phishing is a form of internet fraud that aims to steal personal information such as credit card numbers, social security numbers, user IDs and passwords. Another fraudulent act to guard against is known as vishing.
Check Point Software Technologies reported: “In 2020, we saw the unwelcome return of an old social engineering method in a new guise, one well suited to the current dynamic work arrangement. Vishing, or voice phishing, is an attempt to gain access to private or corporate information or systems through fraudulent voice calls. During the phone call, the attacker leverages social engineering techniques to get the victim to open a malicious document, share sensitive information or give the caller access to private devices.”