Cyber security can sound off-putting and like it is something only IT professionals need to be concerned with; however, it is really important that everyone working in social care is aware of cyber security. The National Cyber Security Centre (NCSC) have a good definition of what we mean by cyber security:
“Cyber security’s core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage.”
Social Care organisations are increasingly using technology to record and store sensitive information. This has numerous benefits, but also means there are increased risks of cyber attacks and data breaches. According to the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2020, almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the 12 months before the survey was taken. The majority of these cyber attacks are through fraudulent emails. Digital Social Care recently published an anonymous case study from a care service who underwent a cyber attack. The care manager said,
“I cannot express the emotional stress this caused. It felt like we were watching a burglary on CCTV without any power to intervene.”
The risk of cyber attacks shouldn’t prevent care providers from considering using technology in their service as there is a lot that providers can do to help mitigate against the risks.
Top Tips for Improving Your Cyber Security
- Be careful with your email – learn how to spot phishing emails and be cautious about clicking on links
- Use strong passwords – the NCSC recommend using 3 random words.
- Install the latest software updates and antivirus software
- Protect mobile devices and tablets – and consider personal devices used for work purposes
- Back up your data
- Train staff to be cyber aware
- Check if your insurance policy covers a cyber breach
There is lots of support available for social care organisations to improve their cyber security. At Digital Social Care we provide free, basic cyber security guidance which explains these top tips in more detail. We are also running the Better Security, Better Care programme which provides free local support to care providers looking to complete the Data Security and Protection Toolkit.
The Home Office has also funded UK Law Enforcement to run regional cyber resilience centres who can provide advice and guidance to businesses, including the care sector. The NCSC provide lots of guidance with some useful advice for small and medium-sized organisations.
Many software companies are also working with the sector to help with cyber security. Some of these organisations have a specific cyber security focus, such as companies like Egress which provide additional email security to help prevent phishing attacks. Other software companies may not market themselves as being focussed on cyber security; however, having good security will be integral to their offering. Nobody wants to risk a data breach or cyber attack and so many software companies will have certifications such as ISO 27001 or Cyber Essentials Plus to prove that they take this seriously. Often companies will also be able to support providers by offering back ups of their data, managing hardware on behalf of the care organisation and providing advice.
Care providers should be aware of the cyber risks of implementing new technology, but shouldn’t see this as a barrier to using new digital tools. As with all things, it’s about balancing risk against reward. There is a lot of support out there to help.