As one of the UK’s leading cloud-based practice management software providers for the medical sector, the security of the data held on our servers is of the highest importance to MidexPRO.
We have been registered with the ICO since 2002 and are fully GDPR compliant. We are also registered and published with the NHS Data Security Protection Toolkit (DSPT) and have been assured by Cyber Essentials since 2019, with renewals carried out each year.
As has been starkly evident from recent attacks seen in the national news, hackers carry out cyber-attacks daily and no business is off-limits.
Such headlines highlight the potential risks to our personal data, meaning we must be even more vigilant in the steps we take to avoid becoming a victim of such an attack. While MidexPRO continually invests in robust security measures, protecting data is a shared responsibility between software providers and users alike.
As we remain on high alert, we want to promote some of the recommended advice provided by Cyber Essentials and the National Cyber Security Centre.
Malware (malicious software) is software or web content that can harm your organisation. The most well-known form of malware is viruses, which are self-copying programs that infect legitimate software.
Most of us will have experienced a virus sent in the hope of that all-important click which provides access to the hacker. Many of us are also aware of phishing emails that attempt to steal sensitive data or login credentials.
Below are some simple but effective steps we can all take to protect ourselves and our organisations.
Anti-virus software
Adding a defence against online attacks is to install anti-virus software such as Windows Defender or other similar solutions, which can help detect and block threats before damage is done.
Firewalls
Firewalls create a ‘buffer zone’ between your internal network and external networks (such as the internet). Many popular operating systems include a firewall, so it may simply be a case of ensuring it is switched on.
Patching
Ensure all IT equipment, including tablets, smartphones, laptops and PCs, is kept up to date with the latest software and firmware. This process, known as patching, is one of the most important actions you can take to improve security. As products reach the end of their supported life, updates will cease to be available and consideration should be given to sourcing modern replacements.
IT Policies
Ensure robust IT policies are in place for all staff, covering areas such as the use of USB drives, downloading apps, and accessing systems remotely. Clear policies help reduce human error and maintain a strong security posture.
Multi-Factor Authentication (MFA)
We strongly encourage all MidexPRO users to enable Multi-Factor Authentication. MFA is a security protocol requiring users to provide two or more forms of identification to access accounts or systems, significantly strengthening protection beyond just a password.
- How does Multi-Factor Authentication work?
Once enabled, MidexPRO sends a unique code via email to the registered user on the account. This code must be entered before access is granted.
Combined with individual login credentials known only to the user, this makes unauthorised access even more difficult. MFA is very easy to switch on and completely FREE.
Contact support@midexpro.com to enable this feature.
Passwords and User Access
Always ensure strong and unique passwords are used and never share your MidexPRO password with anyone. Shared passwords significantly increase the risk of data breaches and make it impossible to accurately track user activity.
It is essential that all staff members — including temporary, locum or additional staff — are provided with their own individual MidexPRO login. Its free to add Users to your MidexPRO Account. This not only helps prevent unauthorised access but also ensures that, the data controller, carrying out an audit or system review accurately reflects who accessed data and when. Individual logins protect both the organisation and its staff and are a key requirement for maintaining compliance and accountability.
The combination of three random words as a password has become much more commonplace in recent years and is a strategy used by MidexPRO. Using three random words makes passwords much harder for hackers to crack while remaining easy to remember.
The words do not need to be complicated or obscure, and each can mean something to you (although please avoid family or pets’ names). Words can also be interspersed with numbers and capital letters to further strengthen security.
For example: Friday3Crisps9Pienza
You could use favourite flowers, cars, holiday destinations or animals, making the number of possible combinations vast — which is exactly the reasoning behind this approach.
Whatever you decide, remember to make your password difficult to guess, keep it private, change it regularly, and never reuse passwords across multiple systems.
By now, we all know that using Password123 is not a good choice, so please avoid this and other obvious or commonly used phrases that could make it easy for hackers to access your data.
For further guidance on protecting yourself and your business from cyber threats, please visit:
- Cyber Essentials (LINK)
- National Cyber Security Centre (LINK)
MidexPRO is the definitive medical practice management system, designed to support your clinical needs whatever your speciality may be.
Did you know that MidexPRO offers a FREE 30-day trial of the full system?
For more information, please:
- Visit MidexPRO.com
- Call us on 0330 999 3399
- Email support@midexpro.com