As we move into a digital way of working, including systems, remote working, cloud-based services, and now the introduction of AI, cyber awareness becomes crucial.
We need to make sure that we are protected against security threats and data breaches, whilst ensuring we are not compromising the personal information we hold on our staff and the people we are supporting.
Let’s look at some of the key principles to protect your data in social care.
How to store data online securely in health and social care
Cyber security can sound confusing, but it doesn’t need to be. Below are six ways you can start improving the security of your care data.
The simplest thing we can do is to ensure that everything is stored using a password so that people cannot freely access data and systems.
The National Cyber Security Centre recommends using a strong password for your email that is not used for any of your other accounts, both work and personal.
Passwords should contain a mix of:
- Capital and lowercase letters
These should be different for each account so that if someone guesses or hacks your password, they are not able to access all your accounts.
You should also look at implementing 2-step verification – or multi-factor authentication (MFA) – on all logins where possible. Whilst this is more tedious when logging in, it adds an extra layer of protection.
2. Access control
Along with passwords to stop people from accessing data that they do not need access to, you should also ensure you implement device access control measures.
This ensures that only authorised individuals can access data. You can apply this by regularly reviewing and updating access privileges.
Encryption is where data is taken and converted into a code and can only be read or processed after it has been decrypted.
There is software available to help with this, however we can ensure spreadsheets or documents containing a lot of sensitive information is encrypted on our own computers by:
- Right clicking on the document
- Clicking ‘properties’
- Clicking ‘advanced’
- Clicking ‘encrypt contents to secure data’.
4. Device updates
It is important that we ensure that our teams are updating their device systems when available as this will ensure applications are up to date with the latest security.
You will often get a notification on the device to let you know when system updates are available. Where possible, set updates to automatically download to prevent the risk of someone clicking no or delaying it.
It is important that we train our teams so that they:
- Have an awareness of the risks
- Know how to be cyber savvy
- Develop best practices, such as using strong passwords, not clicking unknown links, and recognising phishing attempts.
Training should be provided on a regular basis and, where needed, you should update your team on emerging threats.
6. Contingency plans
You should ensure you have a contingency plan should your systems go down. This should include:
- Backing up your data on a regular basis
- Ensuring you have a list of next of kin numbers
- Knowing what you would do if your systems were hacked or data was breached.
You can download a template from Digital Social Care to help you create a contingency plan.
These are just a number of things that should be in place, but there are many more. Make sure you do some additional research to ensure you protect the data in your service.