How Thinking Like a Cybercriminal Will Make You Safer Online
I generally write about dental and other healthcare breach prevention, but I see so many mistakes people make in their everyday lives that I thought it would be helpful to talk about cybercrime prevention for “everyone”.
Toward the end, I will talk about patient information, but let’s start in a more general sense.
Statistically speaking, we’ve all been hacked. At the time of writing, there are at least 12,441,647,441 breached accounts on the dark web according to the leading breach-reporting website haveibeenpwned.com. To check your own email address for free and set up monitoring, you can go to Firefox Monitor.
Thinking like a cybercriminal can help you understand the tactics and methods they use to attack individuals and organizations, which in turn can help you develop better security practices to protect yourself online.
By understanding how attackers operate and identifying potential vulnerabilities in your own online presence, you can take steps to harden your defenses and reduce your risk of being successfully targeted.
Here are a few ways to start thinking like a cybercriminal and improve your online security:
General Computer Use:
- Learn about common attack methods: Understand the types of attacks commonly used by cybercriminals, such as phishing, social engineering, and malware. By learning about these tactics, you’ll be better able to recognize them and protect yourself.
- Assess your own vulnerabilities: Take a step back and assess your online presence. What personal information are you sharing online? What accounts do you have and what kind of security measures are in place? By identifying potential vulnerabilities, you can take steps to reduce your risk.
- Use strong and unique passwords: Use a password manager to create and store strong, unique passwords for all of your online accounts. Avoid using the same password for multiple accounts.
- Keep your software and systems up to date: Cybercriminals often exploit known vulnerabilities in software and systems, so make sure to keep your systems and software updated to reduce the risk of attack.
- Be cautious about clicking on links or opening attachments: Cybercriminals often use phishing emails or social engineering tactics to trick people into clicking on malicious links or opening attachments. Be cautious about clicking on links or opening attachments from unknown senders, and if something looks suspicious, don’t click on it.
- Regularly back up your data: If an attack succeeds, you will want a backup from which to restore your data.
- Educate yourself about basic cybersecurity best practices and keep yourself updated on the latest threat and attack scenarios.
Social Media:
Understand the risks of social media. Facebook quizzes are a good example: they can be a source of security risks, as they often request access to personal information and can be used to gather data on users.
Here are a few specific risks to be aware of:
- Privacy risks: Many Facebook quizzes request access to personal information, such as your name, email address, and contact list. This information can be used to target you with ads or phishing attempts, or shared with third parties.
- Data collection: Quizzes can be used to gather data on users, such as their interests, demographics, and online behavior. This data can be used to create detailed profiles of users and target them with ads or other marketing efforts.
- Malware: Some quizzes may contain malware or links to malicious websites. If you take a quiz that is not from a reputable source, you could inadvertently download malware or be directed to a phishing website.
- Scams: Some quizzes may be used to scam users, such as by promising a prize or reward in exchange for personal information.
- Access to your Facebook account: Some quizzes request access to your Facebook account, which can be used to post on your behalf, send messages to your friends, or access other personal information.
It’s important to be careful when taking Facebook quizzes and to be mindful of the information you’re sharing. Before taking a quiz, read the permissions it is requesting, and only take quizzes from reputable sources. Always be aware of the risks and think twice before sharing your personal information.
Web Surfing:
Web surfing can present a variety of online risks, including:
- Malware: Websites can be infected with malware that spreads to your device when you visit the site. This can include viruses, Trojan horses, ransomware, and other types of malware that can steal your personal information, damage your files, or cause your device to malfunction.
- Phishing: Websites can be designed to look like legitimate sites in order to steal your personal information or login credentials. These sites may ask you to enter your login information, credit card details, or other sensitive information.
- Social Engineering: Websites can also be used to trick you into providing personal information or performing actions that you otherwise wouldn’t by using psychological manipulation tactics.
- Scams: Some websites may be used to scam users, such as by promising a prize or reward in exchange for personal information.
- Adware and Spyware: Some websites may try to install unwanted software on your device, such as adware, spyware or browser extensions that can track your online activity, collect your personal information, or display unwanted ads.
- Inappropriate Content: The internet is an open space and you may stumble upon inappropriate or potentially harmful content.
Protecting yourself online includes:
- Keeping your software and systems up to date
- Using reputable anti-virus software
- Being wary of clicking on links or opening attachments from unknown senders
- Using a reputable VPN service when connecting to public Wi-Fi
- Being cautious about providing personal information online
- Educating yourself about basic cybersecurity best practices and staying updated on the latest threat and attack scenarios.
Online Dating:
Online dating can present a number of risks to your personal data, including:
- Privacy risks: Online dating sites and apps may request access to personal information such as your name, email address, location, and pictures. This information can be used to create a detailed profile of you and can be shared with third parties without your knowledge or consent.
- Data breaches: Online dating sites and apps can be vulnerable to data breaches, which can result in the loss or exposure of personal information. This can include login credentials, personal information, and messages.
- Scams: Online dating sites and apps can be used as a platform for scammers to target users. This can include romance scams, where scammers create fake profiles to trick users into sending them money, or catfishing, where scammers use fake identities to build relationships with users and then ask for money or personal information.
- Spam and unwanted contact: Online dating can result in a high volume of unwanted contact from other users, such as spam messages, unsolicited pictures, and unwanted advances.
- Location tracking: Some dating apps track your location, so it is important to be aware of the permissions the app is requesting.
It’s important to be cautious when using online dating sites and apps and to take steps to protect your personal data, such as:
- Using a reputable dating site or app
- Being careful about the information you share on your profile
- Using a strong, unique password
- Being wary of unsolicited messages or requests for personal information
- Being cautious about sharing your location
- Being cautious about clicking on links or opening attachments from people you’ve met online.
It’s also important to be aware of the terms of service and privacy policy of the dating site or app you’re using, and to be mindful of how your personal information will be used and shared.
Protecting Patient Information:
Dental practices handle sensitive personal and financial information on a daily basis, making them a prime target for cyberattacks. It is essential for dental practices to implement strong cybersecurity measures to protect their patients’ information and their own business operations.
- Implement strict policies and procedures for handling patient information, including regular backups and encryption of all sensitive data.
- Train all staff on best practices for protecting patient information, including proper password management and identifying phishing scams.
- Use secure networks and software to transmit and store patient information, and regularly update all software and systems to ensure they are protected against the latest threats.
- Secure your network and devices:
  - Use firewalls and intrusion detection systems to protect your network from unauthorized access.
  - Regularly update all devices, software, and systems to ensure they are protected against the latest threats.
  - Implement strict access controls, including unique login credentials for all staff members.
- Regularly provide training on cybersecurity best practices to all staff members, including how to identify and avoid phishing scams and how to properly handle sensitive information.
- Encourage staff to report any suspicious activity or potential security breaches.
- Develop a disaster recovery plan that includes regular backups and procedures for restoring data in the event of a security breach or other disaster.
- Test the plan regularly to ensure it is effective and can be implemented quickly in the event of an emergency.
- Regularly monitor and review security:
  - Regularly monitor and review your cybersecurity measures to ensure they are effective and up to date.
  - Perform regular security audits to identify any vulnerabilities and take steps to address them.
- Stay informed and comply with all relevant college regulations and privacy laws that affect your practice.
Glossary of terms:
Antivirus software: A program that detects and removes malware from a computer or network.
Backup: A copy of data that is made in case the original data is lost or damaged.
Encryption: The process of converting plain text into coded text that can only be read by someone with the decryption key.
Firewall: A security system that monitors and controls incoming and outgoing network traffic.
Intrusion detection and prevention system (IDPS): A system that detects and prevents unauthorized access to a computer or network.
Malware: Short for malicious software, malware includes viruses, worms, Trojans, and other harmful programs.
Password: A secret string of characters used to confirm the identity of a user.
Phishing: The practice of tricking people into giving sensitive information, such as passwords or credit card numbers, through fraudulent emails or websites.
Social engineering: The use of deception to manipulate individuals into divulging sensitive information or performing actions that they would not normally do.
Two-factor authentication (2FA): A security measure that requires two forms of identification to confirm a user’s identity.
Virtual Private Network (VPN): A secure way of accessing a private network over the internet.
Zero-day exploit: A security exploit that takes advantage of a previously unknown vulnerability in software or a system.