Use a strong password: The longer and more complex your password, the more difficult it is to crack. Passwords should be easy to remember, but difficult for someone else to guess. The National Cyber Security Centre (NCSC) suggests a good rule to go by is, “make sure that somebody who knows you well, could not guess your password in 20 attempts”. The NCSC also recommends combining three random words to create a single password. Alternatively, you could use a password manager, which can create strong passwords for you and remember them.
Report suspicious emails: Be aware of potential phishing scams and emails that try to trick you into providing information. Do not open attachments or click on links without establishing if they are legitimate. Successful phishing attempts could pose a risk to patient safety or result in disrupted IT systems.
Watch out for these common signs of a phishing email:
- Incorrect branding
- Spelling and grammar mistakes
- An email address with an irregular format
- Suspicious links which look out of place
- An urgent title or request
If you think you have received a phishing attempt:
- Do not click on any links or attachments
- Inspect the email address or domain name to determine if it's from a legitimate source
- Report any suspicious emails as an attachment to [email protected] (social care) or [email protected] (NHS)
Do not provide your login, password or sensitive information if you are asked by email, phone or text message. Look up the main number for the organisation and contact them to check if the request is genuine.
Be aware of what you share: Do not share or wear your ID pass out in public or show it on social media. Avoid discussing any sensitive information in public places and lock your screen when you’re away from your device, as unlocked screens are an open invitation.
Watch out for tailgaters: Tailgating is a physical security breach where an unauthorised person gains entry to protected areas by following a member of staff through security barriers like doors and gates. Letting unauthorised people in could lead to them taking personal data or accessing systems.
Some useful tips to stop tailgating:
- Query the status of strangers if it is safe to do so, especially if they try to follow you into staff areas
- Wear your building pass or ID if issued and ensure it is visible
- Challenge anyone who doesn't display a visible ID badge, if it is safe to do so
- Make sure you shut or lock doors and cabinets, where necessary
- Maintain a clear desk policy when away from your workstation
- Know who to tell if you see anything suspicious or worrying
Keep up to date with data training: Knowing how to handle data will reduce the risk of service disruption. Data breaches can lead to fines, disruption to services and reputational damage. Make sure you understand and follow the latest guidance around data sharing.
Do not be tricked into giving away information: Social engineering is when criminals use tricks or deception to manipulate people into giving them access to data or systems. Giving unauthorised or suspicious people access to information or places could risk someone swiping people’s data.
How to stop social engineering:
- If a web browser states that you are about to enter an untrusted site, be very careful. It could be a fake phishing website that has been made to look genuine.
- If you see a red padlock or a warning message stating your connection is not private, be careful.
- Never give your login details to anyone. Your ICT department will never ask you to disclose your password.
- Be cautious with sharing information about your work on social media sites, especially on your personal accounts.
- If in doubt, seek advice from your local ICT team.
I understand how busy social care staff are, but I would encourage everyone to make sure cyber security is a top priority to help protect data and maintain public trust in our vital services.
Once you start taking small, simple steps, they will become part of your day-to-day work and will make a massive difference to protecting crucial information.
This blog was first published by Care Management Matters on Sept 1 2022