Why You Should Consider A Cybersecurity Strategy In Your Care Facility
Cyber attacks are on the increase and the healthcare sector is one of the most targeted industries. According to a recent survey conducted by email security firm Agari, 67% of healthcare organisations in the UK have suffered a cybersecurity incident over the last 12 months. Of all healthcare cyber incidents in the last year, 48% have been the result of malware or viruses introduced to the network by third-party devices.
To help protect your care home or care facility from the threat of a cyber related incident, we recommend putting a robust cybersecurity strategy in place to sit alongside your insurance programme. You should create a cyber risk assessment and action preventative measures including a best practice guide. This will help to reassure your employees, customers, suppliers and any third parties, that you are as ready as possible in the event of a cyber threat.
To identify areas of weakness or vulnerability, you should assess the security of your information or data. Prevention is always better than cure, so review your current security strategy to ensure that you have the proper policies and best practices in place to meet any required standards or obligatory regulations. This should include a review of your security operations, network and data security to check that you are protected from exploitation and have prevention and monitoring procedures in place.
Carry out a cyber security assessment to identify the types of attack that you may be vulnerable to and assess how prepared your business is to respond to an incident. Consider your ability to detect malicious activity, the procedures you have in place to contain an attack and what your incident response process is.
Create a best practice guide to help prevent your exposure to cyber threats and share with all employees. This should include the use of strong passwords which are updated regularly. Software and systems should also be checked regularly, and updates actioned when due. The use of two-factor authentication, when available, should also be implemented.
Ensure you are following the most up to date guidance on GDPR and that your data protection officer has all the latest information. It’s a legal obligation of any business to ensure appropriate and proportionate security is in place to protect any personal data held, to safeguard the rights of individuals. You must also report any data breaches to the ICO within 72 hours of discovery.
Provide your staff with Cyber Security Awareness Training so they can spot suspicious looking communications, understand how hackers get in and the importance of strong passwords. Educating your entire organisation helps to minimise potential attacks and can also help to reduce internal security incidents. It’s also a good idea to create a robust reporting procedure to ensure that all employees are aware of any potential or recent Cyber attacks.
With more of us working from home, you should make sure your remote working methods are protected and procedures are adhered to by all.
Put together a business continuity plan and share with key
employees for a coordinated, calm and fast reaction to an unexpected cyber event. Your immediate response to an event will be key to the overall impact on your business. Consider how you will contact everyone that may have been affected as a result of a data breach to help retain your customer database, customer confidence, brand reputation and trust.
Don’t wait until you have experienced a cyber attack to put measures in place, be proactive and help protect your business now. We can help you to develop a robust cyber security strategy as part of your complete insurance programme, managing your exposure to cyber risks.
Speak to us about arranging cyber liability insurance or carrying out a cyber risk assessment by calling us on
01480 272727 or emailing enquiries@barnesinsurancebroker.co.uk
Find out more about cyber liability insurance at www.barnesinsurancebroker.co.uk/cyberliability
