Is your care service prepared for a cyber-attack? Read our advice to stay safe online and keep your sensitive client and staff data safe from security breaches.
Cyber security is about "protecting the devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage." (1).
Due to the sensitive data you hold on service users and our care teams, security breaches can have a number of consequences, including:
To provide some additional context, the government released a new policy paper in June 2022 on reshaping health and social care with data. This puts major emphasis on cyber security and outlines some best practices you can follow.
Familiarise yourself with the 10 standards introduced by the Department of Health and Social Care back in 2017, as they can help you shape an action plan of things to be implemented.
The DSPT is an online self-assessment tool which allows you to measure your performance against the National Data Guardian’s 10 data security standards. By using the DSPT on an annual basis and reaching Standards Met, you can reassure people who use your service, their families and your teams that their information is being managed safely.
Data could be deleted, stolen or held to ransom, so it’s important to back it up. Backups should be performed on a regular basis, the frequency of which will depend on how much data you’re dealing with.
When you make a backup, store it separately from the computer you are using, for example on an external hard drive or in the cloud.
You can always opt to buy an off-the-shelf backup solution. Many of these are easy to set up and are affordable, but you need to make sure whatever you choose is right for your service.
Antivirus software should be used on all computers and laptops – here’s a list of free software collated by MoneySavingExpert. You can also get antivirus software for smartphones and tablets.
Apps should only be downloaded from approved stores, like Google Play or the App Store, as these providers check the apps they advertise meet certain levels of protection from malware that might cause harm.
You should have passwords for computers, laptops, smartphones and tablets. Passwords should contain numbers, letters and characters and be changed on a regular basis. Two-factor authentication should be turned on where possible, and any lost or stolen devices should be tracked, locked or wiped.
Phishing is when scammers ask for sensitive information such as bank details, try to trick you into sending money, steal details to sell or send links to bad websites. Phishing emails and text messages may look like they’re from a company you know or trust and therefore it’s important to be mindful of opening emails and attachments from unknown senders.
It’s important to raise awareness and upskill staff, as this can help employees understand cyber hygiene and the security risks associated with their actions, and learn how to identify cyber-attacks they may encounter.
The National Cyber Security Centre offers free e-learning, which is a great first step.
If you do encounter online fraud, scams or extortion, be sure to report it to the National Fraud and Cyber Crime Reporting Centre. This will help other organisations protect themselves against similar attacks.
Cyber security can be a minefield, so it’s important to read the latest news and resources. We'd recommend the following websites:
Get a copy of our cyber security infographic to discover six easy steps you can take to stay safe online.
(1) National Cyber Security Centre. What is cyber security? National Cyber Security Centre. [Online] https://www.ncsc.gov.uk/section/about-ncsc/what-is-cyber-security.