Cyber Security: Defend As One
By Daniel O’Shaughnessy, Programme Manager – Better Security, Better Care, Digital Care Hub
Cyber security is much more than the technical responsibility of a care provider’s IT department. It’s a shared duty across every level of the organisation and beyond to its partners.
The Better Security, Better Care programme at Digital Care Hub has seen record numbers of care providers taking steps to improve their cyber security. Over 72% of care providers are now using the official self-assessment tool – the Data Security and Protection Toolkit (DSPT) – to check and improve their arrangements – up from just 13% in 2021.
But we know that’s really just the start. Having the right policies and procedures in place is essential – and a legal, regulatory and contractual requirement. But it’s day-to-day practice that makes the real difference.
Cyber security awareness needs to be embedded within organisational culture, in the same was as safeguarding is at the core of every service. Care workers, managers and administrators to think about cyber security whenever they are using technology – including personal smartphones that are used for work.
Tips for care providers
Train your staff: Make data protection and cyber security an essential element of your induction and annual refresher training programmes. Access free elearning and face-to-face training materials from Better Security, Better Care.
Check your IT suppliers: Push them for evidence about their cyber security, including what responsibility they take for continuity of access in the event of a cyber attack.
Strengthen your business continuity plan: Ensure it covers how you will manage if you were to lose access to data for a period of time. Watch out for our new cyber incident response checklist – coming in October for Cyber Security Awareness Month.
Create back-ups: Identify what data is essential to running your service, and create a backup separate from your main IT system. That could be on a USB stick, separate drive or PC, or on the cloud.
Be careful with emails and passwords: Train staff to spot ‘phishing’ emails. Ensure you use strong passwords and consider introducing multi-factor authentication (MFA). MFA aims to strengthen security by requiring you to use more than a username and password to log in to systems.
Update software and install antivirus software: Software updates include security updates, and anti-virus software detects and removes viruses. Keep them up to date – and check that the update links are genuinely from your supplier.
For details visit www.digitalcarehub.co.uk/bettersecuritybettercare