How to Protect Your Practice From Spear Phishing Attacks

Oct 22, 2021

95% of all cyberattacks targeting enterprise networks in 2020 were caused by spear phishing. That statistic should worry you if your practice is not well protected and your staff is not trained to spot cyberthreats.


We can only speculate that this alarmingly high number was due to everyone already being fatigued by the waves of problems brought by the COVID-19 pandemic. We’ve been prioritizing our physical health and may have overlooked other dangers like the threats lurking in our networks and computers.


While we have made adjustments over a year into the pandemic, it’s time to bring our attention to the growing number of cyberthreats such as phishing and social engineering.


In the middle of uncertainty and panic, one important thing has been proven to be true all over again: prevention is better than cure. To prevent a cyberattack, you must know how attackers operate and what you can do to prevent them from wreaking havoc in your practice.


What Is a Phishing Attack?

Phishing is a type of social engineering attack in which a scammer uses emails, texts, and social media messages to trick victims into taking certain actions, such as sharing sensitive data like passwords or bank account numbers, or downloading a harmful file that installs malware on their device.


Most phishing attacks happen via email and learning about them could be the most crucial part of your practice’s cybersecurity.


Spear Phishing: How It Can Affect Your Practice

Capitalizing on the recent COVID-19 vaccine updates, phishing attacks targeting healthcare practices jumped by almost 200% from December 2020 to February 2021.


Spear phishing is an email phishing scam that targets a specific person or organization. The attacker pretends to be from a reputable organization or someone that the victim already knows.


Unlike other types of phishing attacks, spear phishing succeeds because the attacker extensively researches a target's background and behavior. The attacker may even play the long game and communicate with you for months before they trick you into doing something.


For example, a clinic is looking forward to getting their delivery of COVID-19 vaccines. A scammer pretending to be a vaccine manufacturer will send an email (or a series of emails) to one of the clinic’s staff until they get what they want—money or valuable clinic data.


How to Recognize a Spear Phishing Email

What’s scary about spear phishing is how its emails can look legitimate and easily fool even the most perceptive individuals.


At first glance, a spear phishing email will look like something you receive from a reputable sender like a bank, another hospital, or a third-party vendor. A corporate employee can even get emails from someone pretending to be a coworker.


Here are actions you can take to spot spear phishing:


Scrutinize the email’s subject line.

A malicious email's subject line can contain words that are intended to pressure the recipient into taking immediate action.


Look out for words like:

  • Emergency
  • Hurry
  • Urgent
  • ASAP
  • Payment
  • Account Number
  • Patient Information
  • Send immediately
  • Transfer now


However, your regular contacts may use some of these words. The next steps can help you verify your suspicions should you receive a potentially devastating email.


Check the sender’s email address.

When an email arrives, often only the sender's name is displayed. If you don't investigate any further, you can fall victim to a spear phishing attack in a very short time.


Always make sure to look at the sender's email address. If an email seems suspicious, call the person for verification. If the email turns out to be legitimate, tell the sender that you’re just taking precautions.


If you can't make a call, simply ignore the email. If the message is urgent and requires sending sensitive information, the sender will probably be the one to call you instead.

Look out for irregularities in the email body.

As for the email’s content, you can check for unusual words and terminologies.


Be cautious if the content includes expressions you don't usually hear from this person, or if you know this person has installed Grammarly Premium yet their email contains a high number of grammatical and spelling errors.


Verify embedded links.

No matter how urgent the email seems, you should remain calm and continue exercising caution. Hover your mouse over a link to check where it actually leads.


Scan file attachments.

This is where email security tools come in. If you already have one, your software may automatically scan file attachments for malware, depending on its settings.
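The "check the sender’s email address" and "verify embedded links" steps above can be automated for messages that staff forward for review. The following is an added example, not part of the original article; the KNOWN contact table, the sample message and every domain in it are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: contact names the practice knows, mapped to their real mail domain.
KNOWN = {"acme vaccines": "acmevaccines.example"}
# Constructed sample message (every name and domain here is made up).
SAMPLE = ('From: "Acme Vaccines" <billing@acme-vaccines-pay.example>\n'
          "Content-Type: text/html\n\n"
          '<a href="https://pay.acme-vaccines-pay.example/i">'
          "https://acmevaccines.example/invoice</a>\n")

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def host(value):  # lowercased hostname of a URL or bare domain, '' if none
    return (urlparse(value if "//" in value else "//" + value).hostname or "").lower()

def within(name, base):  # name is base itself or one of its subdomains
    return name == base or name.endswith("." + base)

def triage(raw):
    """Return findings for the sender-address and embedded-link checks."""
    msg, out = message_from_string(raw, policy=policy.default), []
    name, addr = parseaddr(str(msg["From"] or ""))
    domain, want = addr.rpartition("@")[2].lower(), KNOWN.get(name.lower())
    if want and not within(domain, want):
        out.append(f"'{name}' normally writes from {want}, not {domain}")
    body, page = msg.get_body(preferencelist=("html", "plain")), Links()
    page.feed(body.get_content() if body else "")
    for href, text in page.found:
        text = text.strip()
        # Only link text that itself looks like an address can contradict href.
        shown = host(text) if "." in text and " " not in text else ""
        if shown and not within(host(href), shown):
            out.append(f"link shows {shown} but opens {host(href)}")
    return out
```

A finding here is a reason to call the sender for verification, as the steps above recommend; an empty list does not prove a message is safe.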

How to Combat Spear Phishing and Other Cyberattacks

Healthcare professionals are careful by nature, but human nature gets the best of us sometimes. It can be exhausting to always be on high alert every time you get a new message in your inbox.


However, it only takes one major breach to bring your whole practice down. So it's important to take these preventive steps to heart.


Conduct cybersecurity training.

Educate ALL employees and conduct regular cybersecurity training sessions.


Some employees may not appreciate it yet and may roll their eyes at another set of training sessions on their calendars, so it’s also critical to emphasize how cyberthreats affect your practice and your patients.


Take it to the next level—add mock phishing scenarios to gauge the knowledge and awareness of your staff.

Get effective email security solutions.

There are plenty of email security tools available, so you have to make sure to pick the most suitable one for your practice.

If you’re not sure what to purchase, consult your IT staff. Many products claim to be the best yet fall short on their promises. Your IT staff should explore various security solutions and select the one that best fits your needs.

Implement stricter protocols for remote workers.

The way we work continues to evolve and remote work may become a permanent part of your organization. All we can do is adapt or risk getting left behind.

HIPAA compliance has become trickier with the new normal way of working. As an extension of their cybersecurity training, make sure to have an agreement on which devices and applications your remote employees use for work.


Partner with a proactive IT support staff.

One step that many healthcare providers are not yet capitalizing on is having IT staff who can proactively monitor incoming and outgoing emails.


Having one can save you time and energy from worrying about cyberthreats that can strike anytime.


Exercise Vigilance and Never Let Your Guard Down

Spear phishing attacks are highly targeted and extreme vigilance is needed. Some of the steps required to combat this threat can be easily implemented in your practice. However, the number of victims just keeps rising, resulting in millions of dollars lost to scammers.


Cyberthreats continue to evolve, and so should your defense against them. Don’t let fraudsters fool you and bring your practice down. Show them that you’re craftier and steps ahead of them.


Need help against these cyberthreats? We can assess your IT needs for free.
