When running a clinic, it is important to keep information away from the prying eyes of hackers and cyber thieves. While there are many methods that can be used to protect computerized data, educating clinic staff on ways to be proactive and preserve password integrity is essential.

The following information identifies the benefits of establishing procedures that will encourage staff to maintain a system of strong password use. 

Why We Use Passwords

Utilizing passwords helps to protect the various types of information often found on a clinic computer system, for instance:

• Business records, including:
  • Banking and accounting information
  • Correspondence relating to legal matters, taxes, and finances:
  • Passwords and PINs
• Confidential and sensitive materials, including:
  • Partnership agreements
  • Employee performance reviews
  • Financial reports of practice
  • Internal memorandums
  • Meeting minutes
• Employee data
  • Contact information
  • Social Security numbers
  • Payroll files
  • Routing bank account information
• Customer communications, including:
  • Financial arrangements, such as account records, transactions for purchases and services, and payment type information
  • Contact information.

Rules of Password Use

Passwords provide a type of technical safeguard that make it difficult to gain access to the information. When talking with staff, advise them to apply the following rules when generating a code for use:  

Rule #1. Never create a password that is made up of:

• Your name or a part of your name
• Your identification number.
• Birthdate/anniversaries
• Location of address (business or personal)

Rule #2. A password should be difficult for someone to guess.

Advise staff to reference something that is obscure, but still memorable to them.

• Suggested practices state that the best way of remembering a password would be to use an easy-to-remember phrase, such as The Quick Brown Fox Ran Through The Forest, and convert it to Th3QU!ckB40wnF0x4@nTh40ughTh3F0r3$t

• One other example would be to use a passphrase, which utilizes text that is easily remembered, but adapted to control access, such as changing The Quick Brown fox Opted to Hide in the Forest to TQBf02h!tF

Both methods allow for the user to remember the password easily but it complicates the way the computers store the password. 

Rule #4. Hard-to-remember passwords should be stored securely.

When a password is hard to remember, recommend staff write it down and store it in a secure place accessible only by them. Recommend they never:

• Leave it inside a desk drawer or taped to the monitor
• Store it in a computer document file marked “Passwords”
• Create a spreadsheet of passwords to store in the cloud.

Rule #5. Passwords should be closely guarded and never shared.

Rule #6. Avoid reusing the same password for several accounts.

It may be much easier to use the same password for your bank, Google, and web accounts, but if that password is compromised, it may lead to additional problems.

Rule #7. Change passwords regularly.

Best practices are to change passwords every few months. 

Password Manager Services

Password manager services offer a type of protected storage that allows the originator to have access to the password, but keeps it hidden from others. Password managers offer staff the ability to use complicated passwords, which provides an increased level of protection. Depending upon the specific password manager, information may be accessed from, for instance:

• Multiple computer systems
• Various web browsers, such as:
  • Google Chrome
  • Internet Explorer
  • Firefox
  • Safari
• Mobile applications, used with:
  • Android
  • iPhone
  • BlackBerry
  • Symbian
• USB drives
• Dropbox.

While some offer additional types of services, using a password manager is basically very convenient. Examples of these services include:

• Dashlane
• LastPass
• 1Password
• KeePass or KeePassX
• RoboForm.

When important information is kept on clinic computers, all staff need to understand the steps they should take to keep the practice safe from being accessed by the wrong hands.

Covetrus can direct you to more information that may be helpful to you in your role as office manager of a veterinarian practice. Contact us or at 855.724.3461.

Sources:

https://www.washingtonpost.com/news/the-switch/wp/2014/08/07/how-to-keep-track-of-your-passwords-without-going-insane/

https://www.wired.com/2016/01/you-need-a-password-manager/