Meet The Team: Conor Johnston, Security Engineer

Posted 24 September 2019 in , TM3 News, Business and Marketing, Clinical, Support

Data Security Clinic

Data security is often an area that many practitioners and clinicians overlook when searching for clinic management software. It’s no secret that price is a huge driver in the decision makers of clinic owners when scoping out TM3 against Power Diary, Cliniko or PPS. However, with that said did you know that unlike most of our competitors, here at TM3 we have a dedicated infosec team to ensure the data of both our clients and their clients is protected to the highest possible level.

We caught up with Conor Johnston, a key member of the team to find out a bit more about data security and what our teams do to protect clinics around the world on a daily basis.

Tell us a bit about your role here at Blue Zinc/TM3

“I am a Security Engineer working as part of the Blue Zinc infrastructure team, responsible for the implementation and administration of security hardware, software and processes.

As a team, we work to protect the company’s data, computer systems and networks from any security threats or attacks. This results in a work environment that is complex, fast-paced, engaging and very rewarding.”

Most of our competitors don't have an infosec or data security department, why do we?

“Nowadays it is quite apparent to anyone that reads the news that cyber threats are an unfortunate reality for businesses everywhere. In addition to this, attacks are constantly evolving in technique and sophistication.

At Blue Zinc, we have a responsibility to protect and secure our systems and any client data that may reside there. We protect this data from theft or tampering and ensure it is available when our clients need it. We take this responsibility seriously and I feel we demonstrate it by having dedicated staff focused entirely on this critical task.”

Are the risks real and do they actually happen to everyday businesses?

“Deloitte, Facebook, British Airways, Uber, Capital One. These are all examples of companies that have been the recent victims of substantial data breaches and experienced the ramifications of such.

In addition to that, a 2019 government survey found that 32% of UK businesses identified cybersecurity breaches or attacks within the last 12 months. That’s one-third of UK business can confirm they have been attacked. It’s not all bad news though. I believe that these examples are pushing the importance of good infosec practice to the forefront of people’s minds. They have also shown that with the right security technologies and procedures put in place to provide defence in depth, the risk of a breach is substantially reduced.”

What kind of data do we store and process?

“As part of business operation and the services we provide, Blue Zinc processes our own data and the data relating to prospective clients, clients and former clients. The secure processing of this data is in our commercial interest and is at the very core of what we do.

As a data controller of this information, the organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.”

What have we done to mitigate risk for both Blue Zinc and our clients?

We use state of the art, fault tolerant next-generation firewalls, network hardware and security tooling. Our products and systems are designed and deployed with security in mind from the outset. Our infrastructure is monitored in real-time, 24x7 by security analysts to detect irregularities or potential threats, with personnel ready to respond to any security breaches or intrusions that may occur.

We have internal policies and controls in place to ensure data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. We conduct regular scanning and penetration testing to identify any weaknesses or vulnerabilities and measure our security configurations against globally recognised benchmarks. We are members of the Cyber Security Information Sharing Partnership (CiSP), a joint industry and government initiative set up to exchange cyber threat information in real-time.

If you would like to know more about our industry leading clinic management software and its security, talk to one of our experts today.

Think our clinical software solution could be right for your business?