Review and Republish your Data Security and Protection Toolkit
Date: Tuesday 27 February 2024
Location: Online / Zoom webinar
In the next of the Better Security, Better Care specialised webinar series, we explored the importance of including data protection and cyber security in business continuity plans. In partnership with colleagues from the National Cyber Resilience Centre, Buckinghamshire Council and the Institute of Public Care, we looked at why this is an important issue for care services and how to develop a robust business continuity plan.
Statistics from the national Cyber Security Breaches Survey 2023 tell us that:
Response planning is crucial. It'll help you to form a plan in the event of a data breach or cyber attack and will give you the tools you need to minimise the impact. This is where a strong business continuity plan comes in handy.
You probably already have a plan which details what you would do in the event of a fire or a flood. But does your plan detail what you would do in the event of a cyber attack? How different would the impact be?
Digital Care Hub have a very handy template you can use to implement data and cyber security into your business plan. The template looks at your digital systems and devices, encouraging you to think of all the different systems you use and what alternatives you have in place if you were unable to access any.
It also explores at least 5 different scenarios, giving you an indication of what you would need to consider for each scenario. For example, the screenshot from the template below prompts you to consider what you would do if a supplier had a fault with a critical piece of software:
It’s really important that after you develop your plan, you:
In the webinar, we also heard from Matilda Moss, head of integrated commissioning at Buckinghamshire Council. She highlighted some key learnings from cyber incidents impacting commissioned providers. Impacted care services with a strong business continuity plan who were able to implement it in a timely manner significantly reduced the impact to care delivery. Those without one, or those who didn’t implement it, suffered far worse disruption.
It might feel silly, but mimicking the actions of a scenario is the best way to test if your plan works. For example, if you wanted to test what would happen if you had broadband failure or a power outage, you could unplug the telephones, turn off the WiFi, and unplug devices in an office to simulate a power cut.
You would then refer to your plan and see if the steps you put in place would actually work as an alternative.
If you wanted to test what would happen in the event of a cyber attack, you could simulate a phishing attack and check that staff know what to do in the event of one, which signs to look out for, and how to prevent one from happening again.
Don’t forget to record your test so you can refer back to results and make any necessary changes.
The DSPT is a helpful checklist that all CQC-registered providers should complete at least once a year. It'll demonstrate that you're doing everything you can to protect your information and can also be used as evidence in regulatory inspections.
The DSPT will ask you if you have a business continuity plan that covers data and cyber security, and whether or not you test that plan:
Staff training is also paramount when it comes to improving your data protection and cyber security infrastructure. You can access a free elearning resource to train your staff on key data protection and cyber security issues.