It’s been a hot topic for quite some time – and with good reason too. Constant media coverage of the latest security breach is rightly causing everyone to be concerned about their own system security. After all, hackers are finding fresh ways to infiltrate systems and wreak havoc.
The NHS security breach in 2017 is a case in point. It caused massive chaos and saw the institution held to ransom. Sadly, it is by no means the only data security issue to hit the sector.
Back in 2016 a nursing home in Northern Ireland was fined £15,000 by the Information Commissioner’s Office ‘for breaking the law by not looking after the sensitive personal details in its care’.
The breach was said to have occurred when a staff member’s unencrypted work laptop, which contained ‘sensitive personal details’ on both staff and residents, was stolen during a burglary of their home. It’s a reminder of how vulnerable we all are to cybercrime.
Think about the sensitive data that’s stored in your own organisation. This includes everything from client care plans and medical background to staff records, discipline procedures and DBS checks. Safeguarding data should be a number one priority as these kinds of incidents can be very damaging from a legal, cost, reputational and personal perspective.
Obvious risks
There are plenty of things you can do to safeguard your organisation. Firstly, focus on the most obvious risks – for example, upgrading operating systems and making sure all patches and security software are up to date.
Keeping all data on the premises is fraught with danger. What would you do if the building burned down? Data could become corrupted, get stolen or be hacked, so create multiple backups regularly (with at least one set that’s off the network and off the premises).
In our own care solution, multiple companies can be managed safely within one system. This ring-fences patient data so individual organisations within a group see only the information that’s relevant to them, whilst allowing group level views across all companies. Only allow people access to the information they need to carry out their role.
Also, keep a check on administrative privileges, and on employee access to systems after a person has left the business. It’s easy to think that security breaches are just about technology, but it’s often more about people who may or may not have malicious intent.
Not only should your system security be watertight, your staff should understand the important role they play too. Never write down passwords (and never leave them next to the computer). Be wary of requests for sensitive information over the phone and of data being taken off site. All of this should be taken into consideration but it’s by no means exhaustive.
Plan and prepare
Staying secure starts with planning. What are the organisation’s weaknesses? Are staff taking laptops home? Is all data encrypted? Make sure nothing is missed. Look to minimise risk as much as possible in the first place.
If a breach does occur, know how you’re going to respond. Who is the central point of contact? If your systems are locked down how are you going to deliver care services? How quickly can you get back up and running? Write your plan down so everyone knows what to do.
At Access Group, we adhere to the policies and standards of the Information Governance Toolkit and ISO 27001, and have our own infrastructure and disaster recovery procedures in place. Making sure that you have a robust cyber policy is critical to safeguard your organisation. If you haven’t already got one – or it’s not been reviewed for a while – make it the very next thing that you do.