ABELDent’s System Security helps you protect your practice’s data by preventing unauthorized access to your dental software. Your practice’s data will be much safer if you properly utilize ABELDent’s Authorization Manager along with practicing regular safety habits. Read on to learn about ABELDent’s Security features and how to get the most out of them, along with some pointers on maintaining strong password hygiene.
What is the Authorization Manager?
ABELDent’s Authorization Manager is a powerful tool designed to protect your dental practice’s sensitive data. By enforcing strong password requirements and regular password resets, this feature helps ensure that your practice’s valuable data remains secure. Each ABELDent user has their own unique login credential to access the software. Unique credentials ensure that all actions your team makes in the program are properly tracked under the individual’s name, helping you comply with your local guidelines. Additionally, individual login credentials minimize the likelihood of embezzlement or similar misuse since individuals are far less likely to tamper with records when they know that their username connects them to their activity.
Using the Authorization Manager, you can set your team’s minimum password length to require long and complex passwords. Additionally, ABELDent requires, by default, that team members reset their passwords every 90 days (or about 3 months). Routine password changes are a good habit for you and your team to get into, as it adds another layer of protection against unauthorized access.
Different Ways Hackers Can Access Your Data
Malicious individuals can access your practice’s data in various ways, and it is important to be ready to combat as many of these methods as possible.
The Brute Force Method
- The Brute Force Method is a trial-and-error method where the hacker makes guesses as to what your password might be based on what they know about you. This method requires hackers to try different combinations to try to force their way into your account.
- How to combat this method: Limit the number of attempts a person can try to guess your password. This reduces the risk that someone will guess your real password, and dramatically reduces the threat of an automated attempt to discover your password. ABELDent allows five attempts to enter a correct password before locking the user’s account.
Phishing
- This is a common threat that you may encounter on your practice devices or your personal devices. Hackers try to deceive you via an email or a text (also known as Smishing) by replicating a regular email you may receive. For example, you may receive an email or text that looks like it is coming from a postal service or your bank, but it is a hacker trying to deceive you into providing them with information that will allow them to access your device or system. Phishing usually includes a link that brings you to a website that may prompt you to provide login credentials.
- How to combat this method: Phishing usually has several tell-tale signs that it is a scam. If you stay vigilant and keep an eye out for suspicious emails and texts, you can usually spot a phishing scam quickly. Look for spelling or formatting errors, weird subject lines, messages from email addresses that do not match the actual company that it is claiming to be, etc. Keep a sharp eye out for small differences in email addresses; it is common for hackers to use small changes that are hard to notice at a glance. Also, if there is a link in the text or email, do not click it unless you are completely certain it is legitimate. If you receive an email or text that you are suspicious about, it is best practice to contact the establishment directly to confirm they are trying to reach you or your practice. Ensure you and your team participate in routine online safety training to know what to look out for in new scams to keep your practice data as safe as possible.
Credential Stuffing
- Credential Stuffing refers to hackers using data from previous data breaches, that may include your stolen information, to try to gain access to other websites with the same credentials. Hackers will often use an automated program to do this quickly with a very large number of stolen credentials.
- How to combat this method: Use different passwords and usernames for each website/program to prevent unauthorized access and, if you have the option, enable two-factor authentication. This method may be less of an issue with your dental software, but poses more of a risk to your social media profiles, online banking accounts, and other aspects of your practice that are not limited to your practice management software.
Discoverable passwords
- Having passwords on paper anywhere in your office is a huge and unnecessary risk. If you have passwords to any of your machines or software accounts posted on a sticky note on your desk, near your computers, or anywhere in your office, even if it is well hidden, you are at risk. Do not keep your passwords in a location where others can see them.
- How to combat this method: If your passwords are long and complex but hard to remember, try using a password management program. Alternatively, you could use a mnemonic phrase when creating new passwords to remember the characters more easily. Take all steps to ensure passwords are not stored anywhere that could put you or your practice at risk.
The Characteristics of a Strong Password
Weak passwords that are too short, obvious, and easy to guess put your practice data at risk. Strong passwords will help your practice prevent privacy breaches and identity theft and make it more difficult for hackers to break into your machine. Some characteristics of a strong password include:
- Passwords that are long and complex (at least 8 characters long, ideally even longer)
- Passwords that contain both upper and lower case letters
- Passwords that contain both numbers and special characters
- Passwords that expire after a set amount of time (e.g. quarterly)
- Passwords that do not follow any similar pattern to a previous password or contain the same words as a previous password
On the other hand, there are some common mistakes that people tend to make when creating passwords. Try to avoid making these mistakes to maximize your password’s effectiveness.
- Do not use personal information such as your name, birthday, pet’s name, family’s name, workplace, etc.
- As a rule of thumb, avoid using any words/information that is easily accessible by nearly anyone. For example, posts on your social media page can include your pet’s name or a family member’s name. If the information about you is available to the public, do not include it in your password.
- Avoid reusing the same words, phrases, and patterns as your previous password. Try to have a unique passphrase or password each time you make a new password.
- Hackers who have access to your old password can try replicating previously used patterns to crack your new password. Have an entirely different pattern to throw off potential hackers.
- Do not use the word “password” in any variation.
- This may seem obvious, but having the word “password” in your password puts you and your practice at risk by making your password easier to guess.
Forgotten Passwords in ABELDent
Anyone can forget their password from time to time, and forgetting your password is no problem with ABELDent. If a team member forgets their password, they can click the “Forgot Password?” link when signing into ABELDent. From there, they will be taken to a screen where they can reset their password and will be prompted to include the necessary components of a strong password that we discussed above.
Another safety feature that helps keep unauthorized individuals out of your software is ABELDent’s limit on the number of login attempts. If a person tries to login to your software and gets the password wrong five times, they will be locked out for a period of time. An administrator can reset the user’s account so they can remake their password. This precaution makes the Brute Force Method of hacking nearly impossible, adding an essential layer of security.
Always Have a Backup Plan
Ensuring your team knows the basics of password safety is a simple way, and necessary step to protect your practice’s data. Sometimes, however, things fall outside of your control. It is important to have a contingency plan to be prepared for any possibility. To ensure your practice’s data is secured regardless of the problem, whether it is from a security threat (e.g. ransomware, phishing, etc.) or a natural cause (e.g. flooding, fires, etc.), it is best practice to ensure your practice data is backed up on an external system. ABELDent Remote Backup & Recovery (RBR) is here to help you have peace of mind by ensuring your practice’s data is remotely backed up frequently. If you want more information on ABELDent RBR’s patented process, please call us or visit our website to learn more.
