Tools & Guides

Cyber security

Is your care service prepared for a cyber-attack? Read our advice to stay safe online and keep your sensitive client and staff data safe from security breaches.

What is cyber security?

Cyber security is about "protecting the devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage." (1).

Why is cyber security important?

Due to the sensitive data you hold on service users and our care teams, security breaches can have a number of consequences, including:

  • Loss of data
    Once cybercriminals have breached an organisations network, data can easily be stolen or corrupted.
  • Loss of productivity
    When systems are infected, our teams can’t perform routine tasks which can impact the day to day running of the service.
  • Fines
    The UK GDPR set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater for breaking the law.
  • Blackmail
    Many high-profile organisations have been blackmailed for money in return for the data/files that have been stolen however this could easily happen to any organisation.
  • Reputational damage
  • Lawsuits

To provide some additional context, the government released a new policy paper in June 2022 on reshaping health and social care with data. This puts major emphasis on cyber security and outlines some best practices you can follow.

Our top 10 cyber security tips

1. Use the 10 data security standards as an audit

Familiarise yourself with the 10 standards introduced by the Department of Health and Social Care back in 2017, as they can help you shape an action plan of things to be implemented.

2. Ensure you complete the Data Security and Protection Toolkit (DSPT)

The DSPT is an online self-assessment tool which allows you to measure your performance against the National Data Guardian’s 10 data security standards. By using the DSPT on an annual basis and reaching Standards Met, you can reassure people who use your service, their families and your teams that their information is being managed safely.

3. Back up your data

Data could be deleted, stolen or held to ransom, so it’s important to back this up. These should be performed on a regular basis, the frequency of which will depend on how much data you’re dealing with.

When you make a backup, store this separately from the computer you are using - this could be to an external hard drive or on the cloud.

You can always opt to buy an off-the-shelf backup solution. Many of these are easy to set up and are affordable, but you need to make sure whatever you choose is right for your service.

4. Install and activate antivirus software

Antivirus software should be used on all computers and laptops – here’s a list of free software collated by MoneySavingExpert. You can also get antivirus software for smartphones and tablets.

5. Don’t download dodgy apps

Apps should only be downloaded from approved stores, like Google Play or the App Store, as these providers check the apps they advertise meet certain levels of protection from malware that might cause harm.

6. Use passwords on all devices

You should have passwords for computers, laptops, smartphones and tablets. Passwords should contain numbers, letters and characters and be changed on a regular basis. Two factor authentication should be turned on where possible and any lost or stolen devices should be tracked, locked or wiped.

7. Avoid phishing scams

Phishing is when scammers ask for sensitive information such as bank details, try to trick you into sending money, steal details to sell or send links to bad websites. Phishing emails and text messages may look like they’re from a company you know or trust and therefore it’s important to be mindful of opening emails and attachments from unknown senders.

8. Complete cyber security training

It’s important to raise awareness and upskill staff as this can help employees understand cyber hygiene, security risks associated with their actions and raise awareness of how to identify cyber-attacks they may encounter.

The National Cyber Security Centre offers free e-learning, which is a great first step.

9. Report suspicious activity

If you do encounter nan online fraud, scams or extortion, be sure to report it to the National Fraud and Cyber Crime Reporting Centre. This will help other organisations protect themselves against similar attacks.

10. Stay up to date

Cyber security can be a minefield, so it’s important to read the latest news and resources. We'd recommend the following websites:

Download our free infographic

Get a copy of our cyber security infographic to discover six easy steps you can take to stay safe online.

References

(1) National Cyber Security Centre. What is cyber security? National Cyber Security Centre. [Online] https://www.ncsc.gov.uk/section/about-ncsc/what-is-cyber-security.

Suggested reads

Have a flick through some of our other articles

Using smarter rostering for efficient care operations | Live webinar

Watch our on-demand webinar for a demo of Log my Care’s new Rostering add-on, showing how digital rostering can unlock more economical and efficient care operations.

Track goal progression: A checklist to get you started

Download our goals tracking checklist to ensure your service is fully equipped to track and support the progression of service user goals and achieve greater outcomes in care.

Drive positive outcomes: Tips for effective goal-setting in care | On-demand webinar

Watch our on-demand webinar where you'll learn how to create effective goal-setting processes to ensure service users’ goals become a reality.

Start delivering proactive care and finally have oversight of your service.