How To Prevent Phishing Cyberattacks In Your Care Facility

Cyberattacks are on the increase, and a favourite and growing approach is via email, which we call phishing. Cyber security company Nexor reported that there was a 31% increase in cyber-related cases across May and June 2020, with the healthcare sector among the most targeted industries.

According to the Cyber Security Breaches Survey 2021 carried out by the Department for Digital, Culture, Media & Sport, among the 38% of small to medium sized businesses identifying a breach or attack, 83% had phishing attacks, 27% had impersonation attacks and 16% had malware (including ransomware).

There are many forms of email phishing, but they all have one aim in common: to cause disruption to your business. One form of phishing attack, known as ‘business email compromise’ (BEC), uses compromised email credentials or imitates a legitimate email address in order to encourage the recipient to take action. It’s usually targeted at an individual or small group and relies upon the ability to look like someone in a senior position within a company or a trusted external provider. The aim of the attack could be to transfer funds, make a payment or share sensitive information, such as patient data. It’s exceptionally easy to fall prey to business email compromise or any phishing attack.

In fact, a report by Beazley PLC highlighted that a staggering 90% of data breaches occurring in the UK in 2019 were caused by human error! This means that most incidents that occur in a business setting are because of actions inadvertently taken by employees.

Cybercriminals have become more sophisticated than ever, and email recipients are finding it increasingly difficult to spot imposter emails.

Whilst you have little control over what’s happening externally with business email compromise (BEC), there are some steps that you can take to help prevent this cyberattack from impacting your business.

Implement the five tips below to help prevent Business Email Compromise in your care business:

1 – Multi-factor authentication
Introduce multi-factor authentication (MFA) into your systems. This is an authentication method that requires a user to provide two or more verification factors in order to gain access to a resource such as an application or online account.

MFA will protect the user, and therefore your business, from an unknown person trying to access data such as patient data, personal information or financial details.

In addition to this, you could also create a mail rule that applies to all new emails coming into the business from external sources. With this in place, all external emails would be clearly identified, acting as an additional prompt for the recipient to make sure each one is a legitimate email.

2 – Staff training
Carry out staff training on how to detect and avoid phishing emails. The Barnes Risk Management Hub has online learning resources that can be utilised for this purpose, and it is an easy way to educate staff on what to look out for.

3 – Reinforce fund transfer/payment procedures
Review and reinforce your fund transfer and payment procedures to identify areas that may be vulnerable. This could involve an authentication requirement for people or businesses that are not within your network.

4 – Limit users
Reduce or limit the number of people that can authorise financial transfers and payments. The fewer people with the ability to carry out these tasks, the lower your risk of compromise becomes.

5 – Review procedures for supplier/customer account set up
Take a close look at the procedures in place for the set-up of new accounts. How do you verify their details and address? Look at how you manage any changes they request, to ensure that they are genuine.

Is it time to review your cyber risk?
At Barnes Commercial, we can help with a comprehensive risk review, including your vulnerability to cyberattacks, and create a programme of covers that are best suited to your needs. As an independent broker, we provide completely impartial advice on the best solution for your specific needs.

Telephone 01480 272727
Email: enquiries@barnesinsurancebroker.co.uk
www.barnesinsurancebroker.co.uk
