If a hacker asked for permission to enter your healthcare organization and steal sensitive data stored on your systems, you wouldn’t open your doors and let him walk right in. Learn how malware can use social engineering to trick people into unknowingly granting malicious software access to their data.
Ancient Greek Tradition in Today’s Cybersecurity Landscape
Much like the Trojan horse of the ancient Greek tale, Zeus malware, released over a decade ago, spread primarily through phishing scams and accidental or unconscious downloads (drive-by downloads), where a person clicks a malicious link and unwittingly lets the malware onto their system. Zeus has become one of the most prolific pieces of malicious software in the world. On its own, Zeus has afflicted millions of machines, and it has also spawned numerous similar pieces of malware built from its code.
Zeus works by creating a botnet – a network of compromised machines controlled by the malware’s operator – which allows it to collect massive amounts of information and execute large-scale attacks from within an organization’s systems. Zeus also targets financial accounts by stealing banking credentials from the machines it infects through a process called keylogging. Keylogging is when malware detects that a user is on a banking website, or any site where payment information is entered, and records the keystrokes used to log in. Keylogging lets the Zeus Trojan get around the website’s security by capturing the login information before it is encrypted, so the protection the site applies in transit never comes into play. While Zeus first emerged in 2007, it is still a serious security issue. Common variants can transfer funds to attackers after automatically accessing bank information, extract private data from browsers during monetary transactions and more.
How do you defend against a Trojan horse like the Zeus malware? The city of Troy didn’t fare too well in the ancient Greek story because its people were unsuspecting and unprepared. Instead, make sure your healthcare organization is prepared: assemble your own army of security precautions and controls to fend off Trojan horse threats.
Give Your Staff Knowledge like Athena
As the goddess of wisdom, Athena advised Greek heroes with her knowledge and calm temperament. Give your staff the power to protect against security risks by offering consistent education and training. Make sure everyone in your organization understands the dangers of social engineering and phishing scams. While some may be easy to detect (e.g., a Nigerian prince offering to give you his inheritance), more sophisticated scams (e.g., a request from your IT department for your username and password) are harder to identify. Train staff to be on the lookout for anything that seems suspicious – even the best-engineered scams often have a giveaway. Remind them that it’s better to be safe than sorry, and that reporting something suspicious that turns out to be benign is okay. It’s much like going to the dermatologist to check on a suspicious-looking mole: usually the mole is benign, but you’re still glad you checked, because if it had turned out to be more serious, catching it early is what matters.
Use the Best Tools Like Hephaestus
Hephaestus carefully crafted all of the weapons for the gods on Olympus. Make sure your organization is leveraging the best tools and innovations to protect your systems from security threats. There are many tools available to help organizations monitor email and filter out phishing scams. Select a good spam and malware detection tool and integrate it into your email system. Look into options like Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Host Intrusion Prevention Systems (HIPS), which can detect and prevent malicious activity. You should also make sure every device is equipped with anti-malware/anti-virus software, and inform staff that they should always install new updates for their software to ensure the highest level of protection.
Secure the Transportation of Sensitive Data Like Hermes
The god of transitions and boundaries, Hermes protected and guided the Greek army during the Trojan War. To protect payment data flowing across your systems, it’s crucial to ensure that sensitive data can travel from point to point securely. Storing or exposing credit card information anywhere on your network will be the Achilles’ heel of your security program. Instead, encrypt cardholder data so it never touches your network unencrypted. For point-of-sale payments, leverage point-to-point encryption (P2PE) payment devices that encrypt data the moment it is captured, so that even tactics like keylogging on the workstation are ineffective. For online payments, use Secure Token to ensure sensitive payment data never touches your servers.
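To make the tokenization idea concrete, here is an added illustration (not InstaMed’s code or the Secure Token product) of what a merchant system holds once a card number is replaced by a token: the full PAN lives only in a hypothetical token vault, and the record kept on the merchant side carries nothing an attacker could reuse. The card number is a constructed, industry-standard test value.

```python
import secrets
from dataclasses import dataclass


def luhn_valid(pan: str) -> bool:
    """Luhn check so the vault refuses obviously malformed card numbers."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 13 or len(digits) > 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical processor-side vault: the only place a PAN is ever kept."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("invalid PAN")
        # Random token: no mathematical relationship to the PAN, so it
        # cannot be reversed without access to the vault itself.
        token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]


@dataclass(frozen=True)
class MerchantRecord:
    """What the healthcare organization stores: token and display digits only."""
    patient_id: str
    token: str
    last4: str


def store_payment(vault: TokenVault, patient_id: str, pan: str) -> MerchantRecord:
    """Hand the PAN to the vault and keep only the token on the merchant side."""
    return MerchantRecord(patient_id, vault.tokenize(pan), pan[-4:])


def record_contains_pan(record: MerchantRecord, pan: str) -> bool:
    """True if the merchant-side record leaks the card number anywhere."""
    return any(pan in value for value in (record.patient_id, record.token, record.last4))
```

A breach of the merchant database therefore yields tokens that are useless outside the vault, which is why tokenization shrinks both the breach impact and the PCI scope of the systems that hold these records.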
Bring Healthcare and Payment Together Like Hera
The goddess of marriage would agree that bringing payment and healthcare data together on one platform is a great way to ensure higher levels of protection for your organization. A major problem healthcare organizations face is the number of different, often disconnected systems needed to collect, transfer, post and reconcile healthcare and payment information. The more systems you have running in your organization, the more points of vulnerability you create. By combining healthcare and payment on one platform, you can significantly reduce your risk of a breach, as well as reduce your PCI scope and compliance effort.