post image

Taking control: Are you prepared to take proper care of your cyber risks?

Chris Burgess, Cyber Manager at Markel UK, explains how COVID-19 has not only changed the way we work but also created new opportunities for cybercriminals.

It goes without saying that COVID-19 has had a far-reaching impact on many aspects of our working and private lives. For many organisations, new restrictions quickly forced them to change the way they operate with an increased reliance on technology, particularly remote working.

Our reliance on technology has increased to the extent that, according to a survey by McKinsey released in October 2020, COVID-19 has advanced the use of digital technologies by several years.

The care sector has been no exception. Staff, who work in administration and office-based roles, were forced to work remotely unless it was imperative they needed to see clients face-to-face.

Increased risk

While robust digital security systems may exist within the office environment, COVID-19 has forced staff to, not only work from home, but also access company systems using their own computers, laptops and mobiles. This potentially leaves the employer at a greater security risk, as they are unable to fully control the quality of security systems in place.

This has created a new dynamic for cyber risks and increased the types and levels of cyber-attack during the pandemic. Firms must assess the level of reputational damage should their system be compromised. How would an attack affect their clients and their families? Could client, employee and supplier information be compromised? How much would it cost to put things right? What protection is in place should any breach occur?

While lockdown is easing, remote working for many businesses is here for the foreseeable future and this threat will continue. It may be time to review not only your security but also the cover in place should you require it.

Whilst there will always be a risk, being prepared should anything go wrong can help. Seeking advice – and discussing what is right for your organisation’s specific needs – is advised. A cyber threat will have different outcomes, depending on your size, the services you provide and the sector of care industry you operate in.

The growth in digitalisation has been accompanied by a rise in online fraud, scams, intrusions and security breaches across a wide range of organisations and Government bodies.

Evidence of threat

To cybercriminals, the size of their victim’s organisation does not matter. According to UK Government statistics almost half of businesses (46%) and a quarter of charities (26%) have reported cyber security breaches. Amongst the businesses which formed part of the survey 32% are experiencing breaches or attacks once a week and a fifth of charities (22%) say they experience breaches at least once a week.

Defending your network and data against malware, ransomware, phishing, and other threats has never been more important. The Government’s statistics show that businesses are experiencing a rise in phishing attacks (86%) and while viruses or other malware attacks have fallen in number, they still pose a significant threat to businesses of all sizes. Cyber criminals are constantly working to find new ways to access systems.

Understand the law

In the UK, laws relating to data breaches that arise from cyber-attacks have been enhanced. They place the onus on the organisation to react in a way that limits the impact on clients, with increasing penalties for failure to take every effort to mitigate any impact.

Understanding your risks is vital; only then can you instigate steps to protect your systems and address the weaknesses you have identified. Begin by asking how secure you consider your data availability, confidentiality and integrity to be. Rate whether you consider them to be very secure, secure or not secure.

Devise your strategy

Here are seven steps that need to be part and parcel of your cyber strategy:

  1. Implement regular checks. GDPR rules require regular tests to check whether effective security measures are in place. This helps to ensure you are ahead of the game when it comes to a cyber security issue.
  2. Ensure an emergency plan is in place. Create a plan which ensures that any breaches are dealt with efficiently and effectively. Responsibilities should be given and senior team members should lead when it comes to a response plan. Ensure all staff members are aware of the plan.
  3. Ensure any security incidents are reported and acted on as soon as possible. Make sure all staff are aware of the importance of reporting problems and to whom they should report them within the organisation.
  4. Review how a breach occurred. Once the problem has been solved, investigate how it happened. Make sure you immediately put in place any necessary changes to protect you in the future. Records must be kept – this is particularly crucial if you need legal support as a result of a breach.
  5. Seek legal advice. It is well worth seeking a lawyer’s view. They would be able to inform you if you might be in a litigious situation. You may also need to report any incident to the authorities, including the police and Information Commissioner’s Office (ICO).
  6. Make sure you protect your reputation. Be prepared to deal with possible media interest and client/customer questions. Allocate a spokesperson and ensure a clear and consistent message is given.
  7. Ensure you are able to recover assets if needed. If data is lost through malicious actions, you may be asked to recover it so ensure you have backups in place. Make sure this is possible and inform any legal advisers you have.

These risk management suggestions, of course, will not eliminate the risk altogether. Organisations still need appropriate cyber insurance cover in place to add that additional protection for when things go wrong.

What are you up against?

A brief explanation of the main types of breaches according to the UK National Cyber Security Centre.

Phishing

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

Malware

Derived from ‘malicious software’, malware includes viruses, Trojans, worms or any code or content that can damage computer systems, networks or devices.

Ransomware

A type of malware that makes data or systems unusable until the victim makes a payment.

 

Chris Burgess is Cyber Manager at Markel UK. Twitter: @MarkelUK

How robust is your cyber strategy and do you think you have faced greater cyber threats recently? Share your feedback below.

 


 

QCS urges providers to complete Data Security and Protection toolkit

QCS, the provider of content, guidance and standards for the health care sector, is calling on social care providers, who haven’t already done so, to complete the Data Security and Protection toolkit (DSPT) before the 30th June deadline.

Leah Cooke, QCS’s Content Operations Manager, said, ‘The National Cyber Security Centre handled 723 incidents within the NHS – all of them “related to Coronavirus”. We also know that the NCSC’s Active Cyber Defence Unit detected over 120 phishing campaigns, each of them using NHS branding.’

But how have care providers been affected during the pandemic? Leah Cooke continues, ‘Although QCS has not surveyed its 100,000-plus users on this point, a recent report by Digital Social Care and Skills for Care1 highlighted that up to 19% of the 418 social care providers it surveyed did not have data security protocols in place. The study, entitled ‘Digital Maturity in the Social Care Sector – Quantitative Research’,2 also revealed that 8% of social care providers interviewed had fallen victim to a cyber-attack, while 4% had suffered a cyber breach.

‘Although the report shows that the number of providers classing themselves as “digitally ready” has risen, it also reveals that 14% of providers interviewed classified themselves as novices. Not only does this emphasise how far the sector must go before it becomes truly digitally ready, but it also shows the inherent value of utilising digital training. According to the survey, 52% of providers interviewed had not heard of the DSPT. This needs to change if the sector is to bridge the digital divide.’

References

<1> https://www.laingbuissonnews.com/care-markets-content/news/digital-maturity-among-care-providers-showing-positive-development/

<2> https://www.digitalsocialcare.co.uk/wp-content/uploads/2021/06/Digital-Readiness-Report-Wave-2-March-2021-FINAL.pdf

 

Related Content

Social care Insights

Digital assistance: The dedicated space supporting providers during the pandemic

Where next? Social care technology trends post-COVID-19

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Caring for Care Workers. Donate to The Care Workers’ Charity and make a difference Donate