People love to use their smartphones to entertain themselves or to work while they’re waiting. There is a growing expectation that wifi will be provided in public places like GP surgeries but, if you are asked, is it safe to give out your wifi code?
The answer is no.
Patients may request your wifi passcode – and expect it to be given – but you have no obligation to provide it, says Mike Ianiri, director of technology provider Equinox Communication.
To safeguard sensitive patient information you need to keep your business wifi separate and secure; you can’t risk a member of the public being able to access sensitive patient information through your network. The best way to handle this is by providing a separate public/guest wifi, Mike says.
Although preferable, this option isn’t entirely risk-free. Guest users connecting to the wifi network are required to enter personal details; most public wifi access has special software that sits behind the access points and stores all this information. If a cyber-criminal gains access to the backend, the repercussions could be catastrophic to an individual – and to your practice.
Given the risks of an unsafe or unsecured wifi connection – and with GDPR in force now – anyone providing access to wireless internet must have security at the forefront of their minds. A practice could find its reputation severely impacted should a breach occur.
So, what can GP practices do to protect their patients – and themselves – from the unpleasant attentions of hackers and cyber-criminals abusing the practice network? Here are some tips from Mike.
Change admin passwords regularly
Regularly changing admin passwords dramatically reduces the opportunity for the network to be hacked, particularly when you add rules that enforce passwords more complex than many people would naturally choose. Such rules can be easily applied using network settings and tools such as Dashlane or LastPass.
Use competent installers
If you decide to set up a public wifi network, make sure you engage a competent wifi technology installer. Using an accredited and trusted provider can help you build security into the system from the start.
Have a policy in place
When people connect to your guest wifi, you need to ensure that each individual gives consent to their personal data being collected. This is called the ‘opt in’ approach; GDPR is very clear that you must give users the choice of opting in, rather than the choice of opting out. A good installer can help you to do this.
Test your firewall
Quarterly firewall penetration tests, carried out by an independent cyber-security specialist, will flag up any holes in your network and keep cyber-criminals well and truly out. You’ll have the peace of mind that your system is protected.
Look out for ‘sniffers’
No, these aren’t cute little puppies, but an industry term for hacking tools used to gain access and capture information that you send from your laptop, tablet or mobile. Most recently, hackers are also setting up wifi networks that reach into a business or other organisation. Patients, or a member of staff, might think they are legitimate and connect to a ‘fake wifi’, exposing themselves to risk.
However hard you may try, you can’t prevent members of the public from compromising your system, which is why having a separate wifi network that manages no sensitive information is essential.
Your responsibilities for online security have increased significantly with the introduction of GDPR; not only is there an ethical and social need for you to protect data, there are also legal requirements.
If you approach the challenge of installing a public wifi network properly, you can benefit your practice and your patients significantly. Patients will be very happy to know that you are doing everything you can to protect their data; they will also be very pleased that you are providing a secure network experience, with robust wifi access, which will help keep them relaxed while waiting to see their GP or other members of the team.
It’s not just patients who can threaten your network – your staff can too. Everyone in the practice should be encouraged to follow the internet policy you have in place and to limit their browsing to safe sites and relevant information. We will be detailing how to create a new safe use policy (or refresh an old one) in a future Practice Business article.