Can your boss send the bookkeeper or clinic manager an email to authorize payment?
You might want to re-think that.
Read this CBC investigation report, “Ransomware, bogus emails from your ‘boss' mark growing skill of cyber-criminals” to understand the risk to small businesses from targeted phishing attacks.
There are many creative ‘cyber bad guys’ who love to trick you into providing your personal information or use social engineering to trick you to take action – like making a payment to ‘Mr. Smith'. It is essential to train your employees to help them identify an attack and prevent phishing attacks and prevent a privacy breach. If you are breached, learn how to spot and report it.
Set up clear policies in your healthcare practice about authorizing payments to legitimate vendors. Consider having one person responsible to create the cheque and another person to sign the cheque. Don't rely on email to authorize payments, especially to new accounts.