A care manager’s guide to navigating cyber security

Using digital systems to care for vulnerable people brings a wealth of opportunities for social care, but with every click posing a potential risk, protecting our services from the invisible threat of cyber attacks needs to become the norm. 

Anyone can be hit by a cyber attack, and cyber criminals are innovative thinkers who devise increasingly sophisticated strategies to target unsuspecting individuals and businesses alike.  

So don’t think your care service is immune. Attempted attacks are much more common than you might think, and in 2023 around 32% of UK businesses reported experiencing some kind of cyber security breach.  

October is Cyber Security Awareness Month, and at Better Security, Better Care, we’re calling on everyone who works in Adult Social Care to think about the systems they use and how to reduce risk. 

What can you do as a manager of a care service? 

Beefing up your cyber security measures might feel like a taxing addition to an already long to-do list. But believe us when we say that it’s a proactive investment that supports long-term stability and resilience for your business. 

A really useful thing you can do to get started is think about the systems you use and understand how your business might be vulnerable to cyber crime. Once you have an understanding of where potential weaknesses lie, you can start to think about how to reduce risk. 

Here are some points worth considering: 

1. How does your business communicate?

If you need to get a message to someone in the business, are you using emails to do that? What about a staff WhatsApp group? And whilst we’ve mentioned WhatsApp, are staff using their own devices for work purposes?

Once you’ve got a better sense of how you’re communicating with staff, consider what type of information is being shared and how that can be protected.  

For email systems, we refer to national guidance, which suggests using a unique password for email made up of 3 separate words. Check if you already have a policy on passwords, and train staff to make sure this policy is implemented.

If staff are using their own devices for work, are there rules on what can and can’t be shared? What’s your process for removing sensitive information from a staff member’s phone after they leave the business? How can you be sure that staff have good security controls on their own devices? These are all key factors that can be addressed as part of a Bring Your Own Device (BYOD) policy.

2. Who else are you working with?

Think about the other professionals you communicate with to do your job. GPs, pharmacists, caterers, tech suppliers – there is probably a long list.  

These people are all part of your supply chain. Whilst it’s all well and good to secure your own systems, a weak link in your supply chain could leave you vulnerable to the impact of a cyber attack.  

It’s worth asking your suppliers what cyber security controls they have in place, but remember an attack can happen to anyone. Amend your business continuity plan to include third parties in your digital supply chain and what you would do if their systems went down.  

You might find that you can implement more now than you realised, for example by setting up backups of your care planning software or staff rota systems. After you’ve got a plan, it’s well worth briefing your staff and testing it out.

3. How well versed are your staff when it comes to cyber security?

You can work hard to implement cyber security measures across your business, but if your staff don’t know about them, your hard work and effort could be for nothing. 

Frontline care staff are possibly using digital systems to provide care and communicate with others on every shift. You might not be a cyber security expert, but you can definitely train your staff to become more cyber aware.  

Better Security, Better Care has lots of free training resources for care services, and you can raise awareness in your service by using the Keep I.T. Confidential campaign materials.  

4. Are you using the Data Security & Protection Toolkit?

The Data Security & Protection Toolkit (DSPT) is a useful self-assessment tool that all CQC registered providers should complete at least once a year.  

It will help you check what processes you have in place and take a bird’s-eye view of your business. It also demonstrates to regulators and commissioners that you have good data and cyber security arrangements, and it’s recognised as evidence by the CQC that you have good data practices in place.

You will probably find that you are already implementing most of what it asks for. Using the DSPT can help reassure you, your staff, the people you support, their families, and commissioners that you take data protection seriously.  

There’s lots of free support available to use the DSPT with Better Security, Better Care.

