Cyber security is a huge topic, as can be seen from our #CyberSeptember series.
Healthcare professionals are faced with so many important jobs to prioritise that cyber security is just another task demanding attention. However, like the Covid-19 pandemic, cyber-attacks are something we all face together, and vulnerabilities are increasing in these unprecedented times.
So, here is a summary of our advice, pulled together into easily digestible, bite-sized chunks from our CyberSeptember posts.
Free downloadable poster: Firstly, we have created a Top 10 Cyber Security Tips poster, available to download here, which we hope you will find useful for your practice.
No Phishing allowed!
Beware of phishing emails and keep up to date with the latest scams that exploit current trends. The overwhelming majority of breaches start with malicious emails or other social engineering where victims are tricked into revealing confidential information, usually because the email sounds both genuine and urgent. Keeping your staff trained and aware enables them to act as your first line of defence.
- Be cautious of emails from unknown senders.
- Be wary of emails not addressed to the recipient.
- Be concerned if keywords like ‘Banking’ are highlighted.
- When hovering over a link, check that the domain of the URL points to the company that allegedly sent the email.
Keep it current
Ensure that you keep your software current and apply any software patches that vendors release to repair vulnerabilities as soon as possible. Norton say “If the hack is the poison, the patch is the antidote”, so swift implementation is important. It is worth investigating patch management automation tools that you can use to close down loopholes, whether they are remote or on your premises.
The government guidelines on managing your security can be found here: https://www.ncsc.gov.uk/guidance/vulnerability-management
Keep it clean
You’d be surprised how intrepid some hackers can be in trying to gain access to networks. They will stop at nothing to uncover passwords.
Shred any confidential paperwork and ensure that you have a robust password policy in place.
Key password considerations include:
- Use more than 8 characters and include upper & lower case and a symbol
- Do not write passwords down or share them
- Use different passwords for different devices
- Do not use easily guessed passwords
- Change passwords regularly
Ideally, use multi-factor authentication and consider the password management tools available online, which can securely store passwords and provide password strength analysis.
For more information on password security, go to https://www.ncsc.gov.uk/collection/passwords
Internet of medical things – convenience vs risk
Wearable technology that monitors patient vital signs and provides feedback is also a means by which hackers can access networks. Similarly, with increasing numbers of staff working remotely, devices such as laptops and mobiles pose a cyber threat. Networks accessed externally need to be protected, but authentication of these devices can be difficult.
It is important to keep mobiles and laptops secure at all times. Issues can be mitigated by implementing strong security protocols, including encryption, and by applying operating system patches regularly.
For more information on security measures, read this article on Healthcare IoT: https://internetofthingsagenda.techtarget.com/feature/Healthcare-IoT-security-issues-Risks-and-what-to-do-about-them
Prevention and cure
Up to 80% of cyber-attacks can be prevented by undertaking Cyber Essentials – the Government-backed cyber security certification scheme.
The ICO has produced a guide which may be found on its website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
If you do suffer a breach, contact your insurer immediately. MIAB insurers offer a dedicated incident and cyber response helpline. These helplines are available 24/7 so you’re able to react to a cyber-attack quickly and effectively.