Log in

NMGMA 10 Minute Takeaway April 2018

25 Apr 2018 2:23 PM | Anonymous member (Administrator)

 

NMGMA: 10 Minute Takeaway

By CINDY SANDERS

Published: April 4, 2018 

Teddy Ansink

The second Tuesday of each month, practice managers and healthcare industry service providers gather for the monthly Nashville Medical Group Management Association (NMGMA) meeting.

During the March luncheon, Teddy Ansink with Sword and Shield discussed 'Why Social Engineering Succeeds' and what that might mean for companies trying to keep information from being compromised. Ansink started out by defining social engineering as: "The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes."

As part of his work, Ansink will often try to gain physical access to a client's offices to see what areas can be breached and what information he can retrieve. Once inside, he said it's often easy to walk into empty offices and snap photos of paperwork left on desks.

There are a variety of ways he accesses areas where he shouldn't be from 'tailgating,' which is going in right behind someone, to stepping on an elevator or walking up to a back area with his hands full and having someone push a button or open a door for him. "Employees have a desire to be helpful. This is one of the problems," he said with a smile.

He noted that between websites and LinkedIn, it's easy to find the names of key staff members to casually drop into conversation and make his visit appear legitimate. "Getting someone to challenge a person they don't recognize can be difficult," he noted, saying most people either don't want to approach a stranger or want to be helpful if they do.

The mindset, he suggested, needs to shift from 'challenging' someone to 'meeting a new person.' If an unrecognized individual tries to access a private area, a few friendly questions or checking the schedule could quickly ascertain whether the visit is legitimate and actually be helpful to the guest. If the story doesn't check out, then the employee should escort the visitor to a public area and report the incident.

Malware, phishing, baiting and other tactics also often succeed because employees are trying to be helpful. Ansink said emails from bad actors purporting to be from a boss are a tricky way to obtain sensitive information since most employees act quickly to fulfill a request from a supervisor. The simple solution is to verify the request is authentic, particularly if the required data includes private information on patients or clients.

In addition to targeted training to thwart attempts at social engineering, Ansink advocated for restricting peripherals, adopting a clean desk policy when staff members leave their work areas, and empowering employees to question unknown people in private or restricted areas of the practice or office.

About the association

The Nashville Medical Group Management Association is a non profit organization in Nashville TN that exists to provide resources to Medical Group Managers, Affiliate Members and Students who are interested in a career in Healthcare Management.


Contacts

PO Box 331536, Nashville, Tennessee 37203

website@nashvillemgma.org

Copyright © 2018 Medical Group Management Association Nashville Tenn. Chapter. All rights reserved.
Website design MembershipManagementServices.

Powered by Wild Apricot Membership Software