Cybercrime terminology is complex and constantly evolving. Knowing the meanings behind key terms can make cybercrime easier to understand and prevent. Before understanding the specific types of cybercrime, it can be helpful to understand what kind of cyber threats optometrists face.
General Cyber Terms to Know
Cyber incident
A cyber incident is a broad category of cyber events that has two important characteristics: it can negatively impact your practice, and it requires a speedy response from your IT professionals. Incidents may or may not be intentional or malicious.
Cyber breach
A cyber breach is a subcategory of cyber incident that involves the bypassing or overcoming of your company’s cybersecurity protections. A breach means your private data may have been exposed to unauthorized parties. While a cyber breach is almost always intentional, it is not necessarily malicious. Nonetheless, every breach requires action from security professionals.
Cyber attack
A cyber attack is another subcategory of cyber incident that is both intentional and malicious. Some cyber attacks start with a breach that overpowers your company’s defenses to view, alter or steal your private data. Other attacks are simply designed to damage your computer or network systems. Like a breach, a cyber attack is a significant event that calls for rapid response.
Cyber response plan
A cyber response plan is a formal business plan created to safeguard your practice and minimize the cyber threats optometrists face. Without a plan, you may risk delays or make mistakes that worsen a cyber attack and increase your liability. Steps to create a plan can be found here.
Key Cybercrime Terms
The following are some of the biggest threats currently facing practices and other small businesses.
Phishing
Phishing is a common type of online fraud through email. They are often transactional, promising something in return for your response and providing a convincing reason for you to respond, such as a contest prize or a security check. Requests can ask for login credentials, passwords, credit card numbers, security codes and more. The danger of phishing is that the requests are often quite similar to legitimate requests from people and organizations you regularly do business with.
Phishing prevention tip: Double-check who you are interacting with before providing any private information. Ensure your staff and fellow optometrists do the same.
Vishing
Vishing is a type of phishing scam that involves phone calls. The term comes from a combination of “voice” and “phishing.” Cybercriminals know that many financial institutions have started using phone calls to notify customers of problems with their online banking accounts and are taking advantage of the situation. The difference between a legitimate call and a vishing scam is subtle. A vishing scam will ask for security information like passwords and pins that a real bank will not ask for.
Vishing prevention tip: Avoid providing sensitive information to an unverified caller. If in doubt, hang up and call your bank directly. Train receptionists and office staff to follow a specific plan when unusual requests come up.
Smishing
Smishing is a newer form of phishing involving texts to phones or messaging apps. The term comes from the combo of the “SMS” text technology with “phishing.” Smishing can be dangerous because messages often include a website link for you to visit or a phone number to call. Often the scammer is impersonating a financial institution and the website or phone number supplied will be fraudulent.
Smishing prevention tip: Ignore any unsolicited messages requesting you to supply data, call a number or perform a specific action. Train your staff to do the same.
Pharming
Pharming is a sophisticated type of cyber threat optometrists face that redirects web traffic from a legitimate website to a fraudulent one. A combo of the terms “farming” and “phishing,” this scam works by installing malicious code on a user’s device. The attack may use an email or text message to deliver the code but does not involve a direct request for information. After a device has been compromised, the user will be redirected to a fake site whenever they attempt to access a legitimate one. By entering your login credentials or payment info on the fake site, you will be providing it to the cybercriminal.
Pharming prevention tip: Keep devices up to date, use strong passwords and invest in antivirus protection.
Malware
Malware, short for malicious software, is a piece of software intentionally designed to cause harm to a computer, a network or a user. This attack can cause computers and networks to run slowly or break. It can also be used to create privacy and security vulnerabilities that can be exploited by hackers. Pharming code is one example of malware. Ransomware is another.
Malware prevention tip: Avoid visiting unfamiliar websites, clicking suspicious links and downloading unsolicited attachments that can be used to install malware on your device and network. Ensure employees do the same.
Ransomware
Ransomware works by installing malicious code on a computer or network when you download an infected email attachment, click a malicious link or visit a fraudulent or compromised website. The software is programed to lock up the files on your device and display a screen with instructions for paying a large ransom with the promise of returning your files. Paying the ransom offers no guarantee your files will be returned. Past attacks have ended with data being publicly exposed.
Ransomware prevention tip: It’s important to train your employees for awareness and to avoid actions that could download malware. Secure your computers and network and create regular, redundant backups of all your data and store it separately from your primary systems.
BEC scam
BEC stands for “business email compromise” and it involves the use of targeted email communications to defraud a company. These scams are common and sophisticated, targeting businesses that routinely make or receive payments online. BEC scams are dangerous because these fake emails appear to come from a trusted sender, such as a CEO, VIP or regular contact. Small differences in the sender’s email address are often the only clue something is amiss.
BEC scam prevention tip: Pay careful attention to email sender addresses whenever financial requests are involved. Always confirm wire instructions and change requests by another secure method such as a phone call before proceeding.
Funds transfer fraud
Funds transfer fraud happens when a cybercriminal inserts themselves into communications facilitating a transaction involving large sums of money. Examples include mergers and acquisitions, real estate transactions, legal settlements, retirement disbursements and more. This scam is dangerous because of the sums of money involved and the considerable difficulty getting the funds back, especially when they are quickly wired overseas.
Funds transfer fraud prevention tip: Follow current best practices, focus on training for your office staff, follow set procedures and verify everything.
Social engineering
Social engineering is a frequently used tactic by cybercriminals. It involves trickery, deception or psychological manipulation to facilitate online attacks, scams or fraud. Cybercriminals often use social engineering as a first step to convince business owners and employees to divulge sensitive information such as passwords or security procedures that can then be used to hack a computer or network. Phishing, malware, ransomware, BEC scams, funds transfer fraud and more all typically start with social engineering tricks.
Social engineering prevention tip: Always check the source of the communication, ask for identification, use a good spam filter and pause and think critically when noticing unusual activity.
Protecting your Practice with Cyber Liability insurance
Doctors of optometry have a responsibility to protect business records and personal information of patients from the cyber threats optometrists face. Because your practice collects personally identifying information from patients and minors, such as social security numbers, birth dates, health records, addresses, payment information and more, you have a risky database that is extremely valuable in the hands of a cyber criminal.
With Cyber Liability insurance from Lockton Affinity, you’re covered for the high costs that come from theft or breach of patient data and several additional benefits.
Learn more about the benefits of this coverage today.