8 Reasons Why Website Security is Essential for your Dental Practice
Is your dental website safe?
That might sound like the title of a horror movie – and the truth is, it could be. Hackers today are more clever and devious than ever. You might not think that your website will be the target of a cyberattack. You might think the security measures you have in place are sufficient…
But can you be sure?
Your website provides a link to the computers in your office, particularly if you’re hosting it with a server that’s on site. That means that someone who hacks your website might gain access to confidential patient information such as email addresses, Social Security numbers, and credit cards.
You can’t afford to ignore the security of your website, or even to take for granted that your existing security will keep you safe.
With that in mind, here are 8 important reasons to shore up your website’s security now.
1. Hackers Can Take Advantage of Holes in Your Software
Are the plugins and other software on your website up to date? It’s not uncommon for dental practices to fall behind when it comes to downloading and installing security updates on their office computers and their website – and that’s a problem.
Some hackers specialize in finding “holes” in software – weaknesses that may not have been apparent to the developers when they created the software. When a developer like Microsoft or Apple alerts you that there’s a security update, they do it for a reason.
If you fail to install updates in a timely manner, you could be making yourself vulnerable to hackers. Your website might not be their first target or their only target, but if you make yourself vulnerable you can be certain that eventually, you’ll run into trouble.
The answer here is to make sure to run updates on your website regularly. Check for updates to your plugins, and if you receive a notice that something is out of date and needs to be updated, take care of it promptly.
Updating your software regularly won’t make you immune to attack, but it will certainly make it harder for a hacker to gain access to your website.
2. Weak Passwords Are Subject to Brute Force Attacks
How secure are your user names and passwords?
In an ideal world, we might all be able to use simple passwords that are easy to remember. However, we don’t live in an ideal world.
If your user ID for your website is “Admin” – a common default name – and you’re using an easy-to-guess password, then your website is at risk for what’s known as a brute force attack.
A brute force attack is one where a hacker manages to gain access to a website simply by trying various passwords until they land on one that works. This sort of attack is the reason that companies who take security seriously usually require complex passwords with lower and upper-case letters, numbers, and special symbols.
It’s true that complex passwords can be difficult to remember, but they’re also nearly impossible to guess. Consider the difference between a simple password like abcdental123, and a complex one like Z27!x42Y. A hacker might guess the first one fairly easily, but that’s unlikely to happen with the second.
If it’s been a while since you changed your password or you’re using one that’s too simple, then now is the time to change it – and get your employees to change theirs, too.
3. Google Has a New Update Coming in October 2017
By now, you should have already updated your site to HTTPS from HTTP. Google has already changed the way it displays sites that aren’t secure, but more changes are coming.
The biggest change – and it’s one that can have a significant impact on patients who visit your dental practice site – has to do with the way forms and other secure pages are displayed. As of this writing in September 2017, those sites have a discreet icon that indicates that they’re not encrypted.
However, in October 2017, there’s a big change coming. Starting then, all entry forms and payment pages that do not use HTTPS will display with the words “Not Secure” in the search bar.
Why does this matter? Patients who visit your site and might want to subscribe to your list or book an online appointment will see a notification that your site isn’t secure. Many of them may decide that entering their information isn’t worth the security risk and decide to find another dentist in the area.
The confidentiality of patient information should be a top concern, so if you have not already updated to HTTPS, you should do so before the beginning of October to secure your site.
4. People Who Post to Your Site May Use Cross Site Scripting to Attack You
If you have a blog or any other kind of user interface where visitors to your site can post content, then your site may be vulnerable to cross site scripting or XSS attacks.
Cross site scripting allows someone with the knowledge to do so to insert malicious code in comments, images, or links they post to your site. Anybody who views the image or clicks the link may be attacked in several ways, including:
You have two options when it comes to protecting your site from XSS attacks. The first is to prevent users from posting content to your site, but that may not be ideal – particularly if you want to encourage commenting on your blog posts.
The second option is to implement security measures that prevent people from inserting malicious code on your site. This solution is ideal because it still allows posting while protecting your site from attacks.
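The second option, sketched as an added example that is not from the original article: visitor comments are escaped before being placed in the page, and posted links are only turned into anchors when they use http or https. The function names and the sample comment are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: commenters only need web links

def render_comment_unsafe(author, body):
    # BAD: visitor text is pasted into the page as-is, so any markup in it
    # becomes part of the page that other visitors' browsers will run.
    return '<div class="comment"><b>' + author + "</b>: " + body + "</div>"

def render_comment_safe(author, body):
    # GOOD: escape &, <, >, " and ' so visitor text is displayed, not executed.
    return '<div class="comment"><b>{}</b>: {}</div>'.format(
        html.escape(author, quote=True), html.escape(body, quote=True)
    )

def render_link(url, text):
    # Links need a second check: escaping alone does not stop a script URL.
    # Only absolute http/https links become anchors; anything else is shown
    # as plain (escaped) text.
    label = html.escape(text, quote=True)
    url = url.strip()
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL
        return label
    if scheme not in ALLOWED_SCHEMES:
        return label
    return '<a href="{}" rel="nofollow noopener">{}</a>'.format(
        html.escape(url, quote=True), label
    )

# Constructed sample comment containing markup.
SAMPLE_BODY = "Great visit! <script>alert(1)</script>"

if __name__ == "__main__":
    print(render_comment_unsafe("Eve", SAMPLE_BODY))
    print(render_comment_safe("Eve", SAMPLE_BODY))
    print(render_link("javascript:alert(1)", "click me"))
    print(render_link("https://example.com/a?b=1&c=2", "our site"))
```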
5. SQL Injection Can Put Your Website Database at Risk
If the SQL code on your website hasn’t been very carefully written, then you may be at risk of an SQL injection attack.
SQL is code that allows users on your site to do these things:
SQL code that isn’t properly written is vulnerable to attack. A hacker might inject new SQL code into your existing code, making it possible for them to modify or delete your databases. They might also choose to steal information from databases.
If your website stores patient data, passwords, and other important information, then being at the receiving end of an SQL injection attack could be devastating.
The key to protecting your dental practice website from an SQL injection attack is to have a clear line of delineation between program instructions and the code that allows users to insert data. When the two types of code overlap, that’s when your website becomes vulnerable to attacks.
Even if your website was programmed by a professional, the SQL code may be in need of an update.
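The line between program instructions and user-supplied data, shown as an added example that is not from the original article: the same patient lookup written once by pasting input into the SQL text and once with a placeholder. The table, names and input string are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample patients."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO patients (email, name) VALUES (?, ?)",
        [("ann@example.com", "Ann"), ("bob@example.com", "Bob"), ("cy@example.com", "Cy")],
    )
    return db

def lookup_vulnerable(db, email):
    # BAD: the visitor's input becomes part of the SQL instructions, so a
    # quote character in it can change what the query does.
    query = "SELECT name FROM patients WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, email):
    # GOOD: the SQL text is fixed; the input travels separately as a
    # parameter and is only ever treated as a value to compare against.
    query = "SELECT name FROM patients WHERE email = ?"
    return [row[0] for row in db.execute(query, (email,))]

# Constructed form input that tries to rewrite the WHERE clause.
INJECTED = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, INJECTED))  # every patient
    print("safe:      ", lookup_safe(db, INJECTED))        # no match
    print("normal:    ", lookup_safe(db, "ann@example.com"))
```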
6. Your Website May Be Vulnerable to Malware
Virus and malware protection is necessary anywhere that an outside user or hacker could potentially gain access to your website. Some web hosts provide free virus protection, but is yours up to date?
The thing about computer viruses and malware is that they are always changing. As soon as virus protection companies like Kaspersky and Norton update their databases to protect against new threats, hackers are already at work on the next attack.
In many cases, you can install security plugins to protect your site against malware attacks. One mistake that a lot of dental practices make is assuming that because they’re using a well-regarded host and platform, they’re not vulnerable to attack.
That, of course, is not true. Even a site that’s built with WordPress and hosted with a respected host can still fall victim to a malware attack.
The solution is to double check your security plugins and update them as needed. You also may want to review your host’s statement regarding privacy and security. The more proactive you are about protecting your site from malware, the less likely it is that you’ll run into a problem.
7. Your Admin Pages Are Searchable
Any dental practice website that wants to achieve a high rank on Google needs to be searchable. However, it’s easy to make the mistake of assuming that Google needs access to all of your pages and information for you to meet that goal.
The truth is that your admin pages do not need to be crawled by Google’s robots, and if you don’t code them properly, you may end up inadvertently making them vulnerable to hackers.
If a hacker can access your admin page, they can access:
To understand why that matters, let’s look at one change a hacker might make. Imagine that you have a blog post with a call to action at the end that encourages patients to make an appointment online. If a hacker changed that link, they could redirect the patient to a phishing site where they could grab confidential information from the patient.
Of course, there are other, more dangerous attacks that could happen through your admin page, too. If someone managed to steal your passwords, for example, they could gain access to your databases and steal personal information from your employees and patients.
The solution is to use the robots.txt file to discourage Google from crawling and indexing your admin pages. You can find a complete tutorial on how to do that by clicking here.
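An added check (not from the original article) that a robots.txt file asks crawlers to stay out of admin paths without blocking public pages; the file contents and paths are constructed for a WordPress-style site. robots.txt is only a request to crawlers and does not restrict access, so the admin pages still need their own login protection.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt; the paths are assumptions for a WordPress-style site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-login.php
"""

def audit_robots(robots_txt, admin_paths, public_paths, agent="Googlebot"):
    """Return a list of problems found in the given robots.txt text."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    problems = []
    for path in admin_paths:
        # Admin pages should be off-limits to the crawler.
        if parser.can_fetch(agent, path):
            problems.append("admin path still crawlable: " + path)
    for path in public_paths:
        # Public pages must stay crawlable or the site drops out of search.
        if not parser.can_fetch(agent, path):
            problems.append("public page blocked from crawling: " + path)
    return problems

if __name__ == "__main__":
    admin = ["/wp-admin/", "/wp-login.php"]
    public = ["/", "/book-appointment/"]
    print(audit_robots(ROBOTS_TXT, admin, public))                   # no problems
    print(audit_robots("User-agent: *\nDisallow: /\n", admin, public))  # blocks everything
    print(audit_robots("", admin, public))                           # blocks nothing
```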
8. Your Server Might Fail
Whether you host your website at your office or use a cloud-based host, you have to be concerned about the eventuality that your server might fail. If it does – and if you don’t have a proper backup system in place – then you risk losing your entire website in the process.
Backups are one of those things that we all know we should do. However, it’s very common for small business owners like dentists to sideline basic security measures out of the desire to control costs. A reliable backup system is a must, though, because it allows you to restore your website in the event that the server crashes or your site is compromised by a hacker.
You have several options when it comes to creating reliable backups of your website:
If you don’t currently have a backup system in place, you need to take care of that immediately. Even a manual backup is better than nothing.
Your website is the online home for your dental practice and the gatekeeper for sensitive information about you and your patients. It must be as secure as possible.
The looming Google update in October 2017 might be the most pressing security concern, but it also presents an opportunity for you to conduct a complete audit of your site and update your security as needed. That way, you can rest easy knowing that your dental practice’s website is protected.