Phishing attacks are still one of the biggest threats to mid-size medical practices – and most of the “best practices” just aren’t cutting it. Cybersecurity training, policies, and filters? Everyone’s doing them. So why are we still getting phished? In this video, we explore a bold, practical solution: turning off internal email. Yep – you heard that right. Learn how mid-sized clinics can reduce phishing risk, boost collaboration, and modernize communication by shifting away from Outlook and embracing secure communication platforms. Whether you’re an IT lead or an executive in a mid-size physician practice, this is a must-watch if you’re serious about protecting your staff and systems.

The #1 Cybersecurity Flaw in Mid-Size Medical Clinics (And How to Fix It)

Video Transcript

[0:00] Hi guys, sitting here at my humble abode, sipping an espresso.
[0:14] This place is called Convivio. Just wanted to take a little bit of time to talk about phishing today. OK, this is CISA’s.
[0:29] This is basically the FBI’s website, uhm, and I just wanted to scroll down a little bit. Just point this out to you here.
[0:39] More than 90% of successful cyber attacks start with a phishing email. Hmm. If I was an, uh, owner of a mid-enterprise physician practice, I might be a little concerned about that.
[0:54] So what do we do to help protect ourselves against phishing? Well, let’s do what every IT and supposed IT executive leader does and go to AI, right?
[1:08] How do I protect myself from phishing? Here’s the classic AI list.
[1:29] Employee education. Yep, everybody does their Wizer. Everybody does their KnowBe4. You know, everybody does their NINJIO. They think they’ve got their HRIS, LMS system that’s gonna train them.
[1:47] Enterprise does anywhere, period. Uhm, let’s go to technology defenses. Email filtering, anti-phishing software, everybody does it. Multi-factor authentication.
[2:00] Not everybody’s doing it, but it’s coming along. A lot more people are starting to get on the bandwagon.
[2:06] Uhm, software updates and patching. Everybody says they’re doing it anyway. Uhm, get some link protection, get some, you know, blah blah blah.
[2:19] More policy and procedure. Everybody has their policy and procedure, but nobody follows it. Right, so key consideration. Uhm, they’re constantly evolving.
[2:30] Stay up to date on the latest threats. So what does that mean? Well, that means you probably need to get on a CISA.gov RSS feed so you know what’s going on.
[2:42] But who has time for that? Especially if you’re an IT guy in a mid-enterprise practice. You don’t have time for that.
[2:49] You’re trying to help some front desk person with their Outlook problem. Same thing if you’re an executive. You’ve got some physician banging down your door.
[2:59] You’re not reading some RSS thread of emails coming from CISA.gov. A holistic approach — boy, that sounds like sales if I ever heard of it. That combines technology, education, and policy.
[3:19] Yeah, great, mid-enterprise practice. Let’s see how successful we are with that. We don’t have 20 guys in IT and 30 in HR like a large enterprise.
[3:29] Regularly reviewing and updating your security measures? Oh yeah, we all say we do that. So, if this is what you’re supposed to be doing, but you’re still getting phished, then why?
[3:44] Again, supposedly you’re doing all this. I would argue I haven’t seen a mid-enterprise medical practice doing all this, but let’s say you are and you’re still getting phished — well, why?
[4:00] Let’s see. What is Slack? Slack is a built-for-work app where you can instantly reach your team to communicate.
[4:14] OK, well, what’s Teams? Teams versus Slack, right? Microsoft Teams and Slack are both collaboration platforms.
[4:27] Large adoption of these platforms. Why? Well, the reason you’ve got large adoption is simple: they work. They increase collaboration, they’re easier to communicate, and guess what?
[4:44] It’s a closed ecosystem. You’re not getting phishing attempts in Teams or Slack. So, what can we do with a simple technology like this to protect against phishing?
[4:58] What if we turned off internal email so that people can’t send emails to each other internally? They can receive emails from the outside, but the front desk person can’t receive an email from the CEO.
[5:20] If you’re watching this right now and you’re an executive in a mid-enterprise medical practice, you live in Outlook.
[5:28] You couldn’t even imagine not having Outlook. Well, maybe what we should do is get with the times and implement a closed-loop communication platform that you already have in Teams or Slack.
[5:51] Train our staff how to use it so they get the benefits of it, which will naturally remove the need for email. So, we can get to a point, maybe a year from now, where we can turn off routing of internal email.
[5:58] If we turn off internal email now, phishing attempts can’t happen because if a front desk person gets an email from the CEO, they know immediately it’s phishing.
[6:29] Anyway, just wanted to give everybody a quick idea that they could be using to progress their company, a mid-enterprise practice, with all of the shortcomings and potential those practices have.
[6:35] Get with the times, have some competitive advantages, increase collaboration, and empower your staff while at the same time protecting yourself from phishing.