Top ten tips for securing your dictation systems
06 February 2023
Understand and manage the risks
From the outset it is important to understand the range of potential threats posed to your dictation solutions. After all, if you don’t understand the threats, how can you begin to prepare to defend against them? Adopting a risk management approach allows you to quantify the risks in terms of the probability of them occurring and the likely impact they would have on your business should they actually do so. Decide how best to address the threats you have identified and plan to counter these in the most effective and proportional way.
Install the latest software and app updates
Applying all security and application updates promptly will help to protect your dictation systems and associated software. Updates aren’t just about adding new features. They’re also about fixing vulnerabilities that attackers could find and use to gain access to your system. The older a system is, the more time hackers will have had to try and find vulnerabilities. By updating your systems, you will prevent malware or hackers from exploiting those security weaknesses.
Ensure strong passwords
The most common method of people-authentication for all IT systems is the password, typically in combination with a user ID. However, a significant weakness of using passwords in isolation is that they can be stolen, guessed or cracked. A password manager can help you to maintain strong unique passwords for all of your accounts. These programs can generate strong passwords for you, enter your credentials automatically and remind you to update your passwords periodically.
Incorporate multi-factor authentication
The concerns around using passwords in isolation have seen the increasing use of multi-factor authentication (MFA). This is an authentication method that uses two or more distinct factors to validate a user’s identity, rather than relying on just a simple username and password combination. The additional factors could be a one-time password sent to a user’s mobile, a memorised pin, or even a fingerprint or the use of facial recognition. The goal is to add another layer of protection to your dictation software. The benefits of multi-factor authentication are described in more detail in our blog: What is multi-factor authentication and why is it so important?
Utilise encryption
Encryption can play an important role in ensuring your speech processing systems are secure, from sending voice dictations to your support team through to ensuring that the resultant documents can be stored securely in the cloud or on your portable devices. Encryption involves the conversion of meaningful text (plaintext) into meaningless gibberish (ciphertext) in a manner that can be reversed by anyone who has the encryption key. If all other security fails, your data can still be kept safe with encryption; and for this reason, encryption is also seen as a primary means of ensuring regulatory compliance. More details about the benefits of encryption can be found in our blog: The role of encryption in speech technology.
Install antivirus software
Viruses, spyware, malware and phishing attacks pose problems to all IT systems, including speech technology solutions. A particular speech-related concern is the use of Trojans to steal electronic documents and files that may contain confidential or sensitive information. Anti-virus software can help to detect and remove the various forms of malware, though as with other security software the key is to ensure it is kept up-to-date given the rapid rate at which new malware threats emerge.
Protect remote devices
Dictation usage is growing amongst remote and hybrid workers, so the ability to access sensitive data from any location and device is critical. Simple measures can be taken, including ensuring that such users only install apps from trusted sources or that their handheld devices are capable of encrypting voice files and transcribed documents. Further protection can be provided through the use of Virtual Private Networks (VPNs), particularly given the concerns if your staff currently make use of public wi-fi to connect remotely to your central systems. A VPN enables a user to access the web privately and safely by routing the connection through a VPN server that protects both their identity and location, and encrypts any transferred data.
Backup your data
You should ensure the security of your data by regularly backing it up. A backup is a copy of your important data that’s stored in a separate safe location, typically in the cloud or on removable media such as a USB stick or an external hard drive. Once you’ve made a backup, then if you lose access to your original data, you can restore a copy of it from the backup. This latter point is particularly important given the growing threats posed by ransomware, where the attacker gains access to a user organisation’s data and encrypts it, meaning the user cannot access their own data until they get a special key in exchange for paying a ransom.
Educate your employees
Many hackers rely on human error, meaning that it is more vital than ever that your employees are aware of the dangers posed by cyber-attacks and how best to counter them. User training should, therefore, identify the types of cyber threats your company faces and how they can affect overall performance and/or profitability, together with the importance of following agreed security procedures such as not opening unknown attachments to emails. Regularly reinforcing such messages can do much to help avoid damaging security breaches.
Prepare for the worst!
No dictation solution is 100% secure, so there’s always a chance of a successful attack. It’s important, therefore, to have a planned and tested response in place so that no significant operational and productivity losses occur, and you are able to retain your reputation and customer confidence. This can be done by developing a business continuity plan that spells out clearly who is responsible for doing what. Ensuring that your key business data is backed-up is also vital, so that you have swift access to it in the event of an incident and can get back to “business as usual” as quickly as possible.
