Our top tips for strengthening your cyber security
Cyber attacks will become more common as technology continues to develop. It’s important to know what you can do to protect your care service and the information you hold digitally.
In the latest of our series of articles for Cyber Security Awareness Month, we’ve compiled a list of some practical and simple tips to help you keep your data secure.
- Protect your passwords
Your devices will contain a lot of important information about your business and the people you support. Using a strong password and following some simple steps will help to keep that information available to you and not to others.
What to do:
- Create a strong password. The National Cyber Security Centre (NCSC) recommends joining together 3 random words that are easy to remember but do not relate to you personally and are not easy for someone to guess.
- Do not share passwords. Your staff should have their own passwords and not be required to share passwords across IT systems to access information. Ensure that the access staff are given is the lowest they need to do their job.
- If given the option, use two-factor authentication to strengthen security with very little effort.
- Try to keep different passwords for important accounts so that, if you are hacked, a criminal cannot access all the personal information you hold.
- Back up your data
We’ve already established that your devices hold a lot of information about your business. So what would you do if your tech supplier’s systems went down, if there were a power outage, or if your devices were stolen?
What to do:
- After identifying what is important to back up, the NCSC recommends storing the data somewhere that is not permanently connected to the device holding the original copy. Suitable options include a USB stick, a separate computer, or a cloud file hosting service such as Dropbox.
- Ensure you are regularly backing up your data, or consider an automated system to save yourself time.
- Watch out for phishing scams
A phishing scam can happen to anyone. It is when cyber criminals pose as a trustworthy source, either to trick you into providing them with your personal information or to lead you to click on a link that will install malicious software onto your device.
Phishing scams are becoming more and more sophisticated, using current affairs to trick people into providing personal information. They can also take place in a variety of ways – contacting you through email, text, telephone calls, and social media.
What to look out for:
- When receiving emails, always pay meticulous attention to the sender address. Cyber criminals will try to replicate the domain address of a trustworthy source, which can make it difficult to spot the difference.
- Remember that cyber criminals will try to provoke a quick response from you, so be cautious of anything that makes you feel fearful, curious, worried or hopeful.
- Cyber criminals will pretend to be figures of authority (such as government officials or your bank), so pay close attention to what they are asking and, if in doubt, contact the organisation directly without using any contact details in the message you received.
- Hover over links with your cursor without clicking on them to check that URLs begin with ‘https’, and check for the lock icon in the address bar. Bear in mind that ‘https’ and the lock icon show only that the connection is encrypted, not that the site is genuine. If unsure, always contact the company directly through their website.
- Keep your devices up to date
Installing the latest software updates on your devices and apps will help as they include protection from viruses and make it harder for criminals to target you.
What to do:
- If it’s an option, enable automatic updates on your device.
- Don’t ignore notifications asking you to update your devices or apps.
- Make sure you are connected to Wi-Fi when installing updates.
- Defend against ransomware
Ransomware is a type of malware (malicious software) that stops you from accessing data stored on your computer. The data may be locked, stolen, deleted or encrypted and you are usually asked to pay a ransom in the form of cryptocurrency (e.g. Bitcoin).
The NCSC strongly advises against paying a ransom. There is no guarantee after paying that you will regain access to your data and you are more likely to be targeted again in the future.
How to build a strong defence:
- Make regular backups, ensuring that these are kept on a different system (offline, USB, cloud storage) and are not permanently connected to your network.
- Enable safe browsing mode via settings on your web browser to prevent access to sites known to host malicious software.
- Download anti-virus software to regularly scan for viruses and keep it up-to-date.
- Train your staff
Your staff are central to the service you provide and the day-to-day operations of your business. They are likely to have access to personal information about the people they support, and it’s important that they understand their role in maintaining good cyber security.
What to do:
- Make cyber security training a mandatory part of your training package.
- Create a simulation to provide a real example.
- Utilise free e-training materials from the NCSC.
- Utilise our guidance and resources on training materials for adult social care providers
- Complete your DSPT
By completing the DSPT and reaching ‘Standards Met’ you are demonstrating that you are compliant with data protection legislation and have systems in place to keep your data secure.
What to do: