What is cyber security?
Cyber security is about "protecting the devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage." (1).
Why is cyber security important?
Due to the sensitive data you hold on service users and our care teams, security breaches can have a number of consequences, including:
- Loss of data
Once cybercriminals have breached an organisations network, data can easily be stolen or corrupted.
- Loss of productivity
When systems are infected, our teams can’t perform routine tasks which can impact the day to day running of the service.
The UK GDPR set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater for breaking the law.
Many high-profile organisations have been blackmailed for money in return for the data/files that have been stolen however this could easily happen to any organisation.
- Reputational damage
To provide some additional context, the government released a new policy paper in June 2022 on reshaping health and social care with data. This puts major emphasis on cyber security and outlines some best practices you can follow.
Our top 10 cyber security tips
1. Use the 10 data security standards as an audit
Familiarise yourself with the 10 standards introduced by the Department of Health and Social Care back in 2017, as they can help you shape an action plan of things to be implemented.
2. Ensure you complete the Data Security and Protection Toolkit (DSPT)
The DSPT is an online self-assessment tool which allows you to measure your performance against the National Data Guardian’s 10 data security standards. By using the DSPT on an annual basis and reaching Standards Met, you can reassure people who use your service, their families and your teams that their information is being managed safely.
3. Back up your data
Data could be deleted, stolen or held to ransom, so it’s important to back this up. These should be performed on a regular basis, the frequency of which will depend on how much data you’re dealing with.
When you make a backup, store this separately from the computer you are using - this could be to an external hard drive or on the cloud.
You can always opt to buy an off-the-shelf backup solution. Many of these are easy to set up and are affordable, but you need to make sure whatever you choose is right for your service.
4. Install and activate antivirus software
5. Don’t download dodgy apps
Apps should only be downloaded from approved stores, like Google Play or the App Store, as these providers check the apps they advertise meet certain levels of protection from malware that might cause harm.
6. Use passwords on all devices
You should have passwords for computers, laptops, smartphones and tablets. Passwords should contain numbers, letters and characters and be changed on a regular basis. Two factor authentication should be turned on where possible and any lost or stolen devices should be tracked, locked or wiped.
7. Avoid phishing scams
Phishing is when scammers ask for sensitive information such as bank details, try to trick you into sending money, steal details to sell or send links to bad websites. Phishing emails and text messages may look like they’re from a company you know or trust and therefore it’s important to be mindful of opening emails and attachments from unknown senders.
8. Complete cyber security training
It’s important to raise awareness and upskill staff as this can help employees understand cyber hygiene, security risks associated with their actions and raise awareness of how to identify cyber-attacks they may encounter.
The National Cyber Security Centre offers free e-learning, which is a great first step.
9. Report suspicious activity
If you do encounter nan online fraud, scams or extortion, be sure to report it to the National Fraud and Cyber Crime Reporting Centre. This will help other organisations protect themselves against similar attacks.
10. Stay up to date
Cyber security can be a minefield, so it’s important to read the latest news and resources. We'd recommend the following websites:
- Digital Social Care
- Get Safe Online
- Information Commissioners Office
- National Cyber Security Centre
- NHS Digital.
Download our free infographic
Get a copy of our cyber security infographic to discover six easy steps you can take to stay safe online.
(1) National Cyber Security Centre. What is cyber security? National Cyber Security Centre. [Online] https://www.ncsc.gov.uk/section/about-ncsc/what-is-cyber-security.