What are you doing to prevent being hacked?

Have you ever been hacked?

Does this sound familiar? You find yourself in the curious position of waking up to an email inbox full of very concerned messages from friends. They’ve replied to a scam that’s been sent out en masse from your email account (with a tale of woe depicting how you were robbed at gunpoint, and you now need them to send vast amounts of dosh). Your tech-savvy friends will have nudged you with an ‘Oi, mate, you’ve been hacked’, punctuated with a winking-face-with-tongue emoji. You realise none of them cared enough to phone your mum (just to check).

Whatever the form of hacking (be it your laptop, Gmail, Facebook account) it is at best stressful, and at worst, a disaster. Typically, it’ll happen just when you weren’t expecting it (like mid-clinic).

The fallout can be extensive…

If you store important, personal data poorly (especially patient data), and that data has been wrongly divulged or hacked, it’s considered to be a violation of the GDPR.

Even if it’s deeply unfair that some nasty scum bag did this to you.

You might feel like throwing your hands up and saying, ‘what’s the point, aren’t we all going to be hacked some day and I can’t stop that happening?’ Whilst this may be true, the point is, much like choosing to drive with a seat belt on (not off), there are ways to mitigate some of the risks.

So what steps can you take to ensure you’re not leaving yourself open to hacking? Here’s our…

Top Ninja Tech Protection Tips…

  Improve your password hygiene

OK… time to confess… do you find it all nice and convenient to have your little notebook that you dutifully record your passwords in? What happens, however, when you’re tired / have not yet had your morning caffeine fix and you accidentally leave it on the 8.27am train into Waterloo? (You realise just what you’ve done 45 mins later, while getting said required fix in Costa.)

Chances are, it’s going to be a case of a) panic, then b) panic a whole lot more and c) cancel all your patients and spend the day resetting passwords everywhere. Not an awesome start to the week.

So, what can you do instead? Store your passwords in what’s called a password safe.

No, it’s not a big metal box you have to lug around – it’s a bit of software on your phone (or computer) in which you can organise and safely store all your passwords.

Have a look at the App store on your smart phone, and you’ll find examples such as ‘1Password’ and ‘Dashlane’.

Next, think of a good, yet memorable password to use as the master password that guards your safe (see below), and double it up. For example, you might choose ‘C0stah!t’ as your first password idea, so use C0stah!t C0stah!t as your master password. This will take twenty billion years to hack. Well, almost.

Apps like 1Password will also allow you to use your pinky print to open the password safe – making life even easier and just as secure.

  Get some anti-malware software

To start with, ‘malware’ is a bit of a weird name, isn’t it?! I had to go to Wikipedia to look it up, which describes it as ‘a portmanteau for malicious software’. Turns out, it’s basically bundling words together – malicious and software. You get the idea. And it’s baaaad news.

Malware can take on many forms: viruses that harvest your email contacts, a backdoor to access your computer and record keystrokes, or, more recently, ransomware that blocks access to your files. Not exactly cricket, is it?

Ransomware is the scariest form of malware in some ways, because the information on your computer that you need to run your clinic could suddenly one day be rendered inaccessible.

Someone could request large sums of money to ‘unlock’ your data. It’s here and happening.

In 2017, £4.6 billion was stolen from UK users using various forms of cybercrime, including ransomware.

What can you do to stop these low-lifes stealing your livelihood via a ransom?

The answer is to have a fallback strategy that involves backing up to multiple locations, with the backups staggered in time.

For example: if you took a backup once a week on a Sunday, then disconnected that backup when finished, and ransomware hit on a Tuesday, you could recover the Sunday backup data.

The take-home message is that ‘real-time’ backups (such as iDrive running in the background) would also be encrypted by ransomware, and therefore useless. You need to have a well-designed backup process that’s timetabled.

An interesting fact is that in 2016, 25% of people who paid money as part of a ransomware demand didn’t get their data back anyway. Now why isn’t that surprising?

It’s time to get some decent anti-malware installed.

For larger practices, or if you like a belt-and-braces approach, you can install a firewall at the point at which the internet comes into your practice. It’ll sniff out threats like a bloodhound before they even get anywhere near your computers.

  Using two-factor authentication.

Two factor what? This security measure is so posh it even has an acronym – 2FA. It might be ‘2 flipping annoying’ to implement sometimes, but it’s the star of the show when it comes to protecting your clinic’s data from hacker-types. Basically, it’s a second authentication code sent in real time to a device you own. That device is usually that thing most of us are now glued to for hours each day – your mobile. So, there’s no excuse, is there?

We all have passwords that aren’t to the liking of the IT people clamouring for ‘passwords that comprise 8 characters, 2 special symbols and 3 numbers, blah-de-blah-yawn’.

Truth is, you’re not going to remember them, and even if you’ve used your goodie-two-shoes password vault app, these long passwords are still a pain in the royal backside to enter into your online browser-based app.

The solution: have a simple password (remember C0stah!t) and then set up your web-based app to send a ‘one time’ password to your phone as the second level of authentication when logging in.

Have a look around. Many cloud-based systems (e.g. Office 365 and Cliniko) will allow you to set up this 2FA with ease. Sweet.

  Spotting a fake / scam email

This is sometimes easy, but sometimes it’s a tad tricky. It could be an obvious message on your computer stating that ‘you have a virus, please install this software’ or ‘please call this number to help’.

Yeah, right.

Or, it could be an email, claiming that you need to log on to PayPal, RIGHT NOW, to reset your password as it’s been compromised.

Confused, you duly log on, enter your old password, new password and hey presto – nice one! You’ve just sent your real (old) password to the hackers.

How can you avoid this? Treat each email with a level of caution if it has URLs to click on.

Even if it’s from your aunt, with a link to the latest fashionable labradoodle autumn jackets you’ve had your eye on for Mr Pickles, be suspicious. Someone might have infected her computer, harvested her contacts and emailed out a link to a PDF (which can, by the way, contain malware).

If the email says, ‘Dear Client’ and doesn’t have your name – then it’s 99.99% likely to be a scam. Just delete it.

However, just for a giggle – you can prove it’s a scam. Here’s an example of an email I received recently:


On your computer, right-click the link and choose ‘Copy Link’ (Safari) or ‘Copy Hyperlink’ (Windows Internet Explorer).

Start a new email and just paste the text into it (the new email is just somewhere to safely paste the link into, whilst you examine it).

Here’s what my supposed link to PayPal actually was. Hmmmmm……!


So, in Ninja Tech summary…


  Install decent anti-malware software, e.g. Bitdefender (remember Macs can be hacked too, in case you were feeling smug about your MacBook Pro).


  Have a rotating backup strategy with offline backups.


  Be hyper-cautious with emails – links and attachments. Especially if they’re from your Aunt.


Private Practice Ninja Tech can help you with all of the above. We’ve assisted many clients with cybersecurity and backup strategies, the kind that could also help you recover from ransomware attacks.


Why not get in touch for a chat? Jules@privatepracticeninja.co.uk


  If you’ve found yourself hacked, press the power button on your computer to forcibly power it off, and call us – we can help – 07500 834 894 (save this number!).

Together we can grow and protect your Private Practice.




email or call us 0207 993 6425
