One of the health sector’s leading cybersecurity experts has detailed what he believes NHS workers should do to protect themselves, as we dive deeper into Cyber Security Awareness Month.
Mike Fell joined NHS Digital as their new Executive Director of National Cyber Security Operations back in April after having previously worked in security roles at HM Revenue and Customs and the Foreign and Commonwealth Office, and now he is sharing his top tips for cybersecurity this autumn.
Mike’s eight top tips are:
Use a strong password – Passwords should be hard to crack but easy to remember. The National Cyber Security Centre says your password should be one that could not be guessed in 20 attempts by somebody who knows you.
Beware of phishing scams – Mike urges people to watch for the warning signs that people are trying to scam you. You should look for things like incorrect grammar and branding, email addresses with irregular formats, suspicious-looking hyperlinks, or an urgent-sounding subject line, title or request. If you believe somebody is trying to scam you, make sure to report it to [email protected].
Be mindful of what you share – Social engineering is a technique scammers use to trick people into giving them access to data or systems. To get around this, Mike says staff should avoid wearing their ID out in public or sharing it on social media. The more information you share online, the easier you are to socially engineer.
Watch out for tailgaters – Tailgating is a more physical type of security breach that occurs when an unauthorised person follows a member of staff into a secure area. If you think you are being tailgated, Mike says that staff should not be afraid to challenge and ask for a person’s ID. Insider threats are real.
Keep up to date with data training – Mismanaging data can lead to financial penalties, reputational damage and overall service disruption. To ensure that doesn’t happen, Mike urges staff to make sure they understand and follow the latest guidance and support around data sharing.
Lock it down – Make sure any system that has access to sensitive data and information, whether it be a computer or mobile device, is never left unattended and unlocked. Mike says it is much easier to abuse an unlocked laptop than it is to hack into a secure network.
Stay safe when using public Wi-Fi – Make sure you are not accidentally connecting to a private or third-party Wi-Fi network. Mike says that you should always know what network you are connected to.
Make use of the excellent resources available – NHS Digital launched their online security awareness toolkit, Keep I.T. Confidential, earlier this year. The toolkit contains all the information staff will need to keep themselves safe from scammers and hackers. Use it.
Mike Fell said: “From email and social media to online banking and shopping, it has never been so crucial to take vital cyber security steps to prevent criminals getting hold of data, devices and accounts. Here in the NHS, getting cyber security wrong has the potential to cause significant impacts across the health and care system.
“If a GP can’t access their system, they may not be able to share life-saving prescriptions with pharmacies or critical information with hospitals. Similarly, cyber-attacks can cause cancelled appointments and surgeries, possibly resulting in care diversion to other hospitals.
“Cyber security is as important as health and safety, and in just the same way it’s the responsibility of every person in the NHS to understand security risks and what they can do to reduce them. Fortunately there are a few simple steps we can all take to ensure we stay cyber resilient at home and work.
“I understand how busy everyone is across the NHS right now, but I would encourage everyone to make sure cyber security is a top priority.
“Once you start taking these small steps, they will become a natural part of your day-to-day work, which will in turn help to make a massive difference to protecting crucial information as well as the safety of patients.”