27 September 2017
One of our roles is to support patient trust in how we use data and how we keep it safe and secure. Our Data Security Centre is at the forefront of this and provides advice and guidance to the health and care system.
We enable the legal, secure, and safe use of information within health and care. We build public trust through the services, guidance and advice we offer. We are also a centre for threat intelligence.
But, we are not regulators.
We enable, we distill best practice, we offer advice and support, and give immediate response to the needs of our users, but it is up to every individual to ensure they do the right things to protect the data they use, and in turn, protect patients.
The WannaCry ransomware incident in May underlined the critical importance of cyber security, strong central support, and frontline staff taking responsibility for and acting decisively to protect patients’ data.
So, here are my top cyber security tips that you can start doing right now to help be protected:
- Beware of phishing scams. They can use email, websites, and phone calls as a way to steal your information. They are getting cleverer and more realistic, so watch for warning signs such as bad spelling and grammar, suspicious hyperlinks, and threats.
- Stay safe when using public WiFi. Do you know what network are you really connecting to?
- When posting on social media, only share what you actually want people to know. Social engineering works by the psychological manipulation of people to take actions or offer up information. The more information about yourself you make public, the easier you are to socially engineer.
- Password security. One size doesn’t fit all when it comes to passwords. Use different passwords.
- Don’t be complacent and ask “why would they hack me?” The answer is, “because they can”. You are just another faceless victim.
- Lock it down. When using a computer or a mobile device, never leave your screen unlocked. It is much easier to affect an unlocked laptop than it is to hack into a network.
- Don’t be afraid to ask for ID. Insider threats are real, don’t be afraid to challenge.
- Most of all – be honest. If the worst happens, you must tell someone so it can be fixed.
You can sign up for security threat bulletins and emergency notifications and you can visit the CareCERT information sharing portal (using an N3 connection) to see previous threat bulletins and emergency notifications.