How can data help you prepare your practice for an online attack? We consider new insights into the UK’s attitude to staying safe online and combine it with some expert advice to help you develop a blueprint for your practice’s cyber-security training
Although we need technology to get the job done it’s the people that make up the core of an organisation. So, when putting in place measures to keep your practice safe from online dangers, both must be remembered – it would be fruitless to have the technology in place but the people unprepared, or vice versa. There are two key issues that managers must contend with, namely:
Cyber-attacks are where a hacker tries to access or damage your computer system or network. You only have to look at the NHS’ recent deal with Microsoft – following last year’s infamous ‘WannaCry’ attack – to realise that these present a real and present danger.
2. Scams and online fraud
Scammers cut out the need for a hacker’s coding wizardry by trying to trick the person, not the technology, into giving them access to valuable data. As we said, businesses are made up of people, so the national level of awareness of online scams provides a baseline for the level of awareness our teams will have without the proper information.
How do you prepare your business for online dangers?
Data is a good place to start. A recent NatWest survey set out to profile the UK’s attitudes to staying safe online. The study shows that a staggering 16% of people in England and Wales have been a victim of online fraud and 22% of all respondents wouldn’t know what to do if they were experiencing online security problems.
It’s clear that we need to raise awareness to make sure that national statistics don’t inform practice vulnerability to such threats and, in business, the implications of a scam are greater, not least because the poor online security habits of one person could leak the data of many. Of course, your company’s financial information is at risk – but what about the personal details of patients, or colleagues?
Three points you should be including in your online awareness training
Using the data published by NatWest we can anticipate the areas where people are in greater need of education. In essence, we can using national data to help safeguard valuable practice data as well as that of patients and staff.
1. Ensure all team members are updating both their personal and work ‘phones
To attack the first problem – cyber-attacks – you need to mount a strong defence. It may be all too easy to ignore software updates but they provide valuable security updates for both our personal and work devices.
When you consider that 22% of British adults haven’t installed security software on their devices because they don’t know which ones are best, reaffirming that the importance of researching and installing antivirus software is essential – particularly if staff can connect their own devices to your practice wifi.
2. Define robust social media sharing protocols.
World-renowned cyber-crime expert and chief research officer at F-Secure, Mikko Hypponen, gives us an idea of just how secure the information we share on social media really is. “Never post anything online that you wouldn’t mind seeing posted on the cover of a newspaper. Even if you think your post is not visible to everyone, it could very well be,” he cautions.
Mikko’s words are direct, but it’s sage advice. It makes very clear how you should approach sharing company accounts – and it is good advice about how we should approach sharing on our personal platforms too. This includes passwords, patient information and even our personal details.
3. Decide your stance on passwords
There are three main factors that encourage bad habits when it comes to passwords:
- Passwords shouldn’t be predictable and should include numbers, capitalisation and symbols.
- You should use a different password for each of your accounts; practice teams may use several systems at work on top of the many online accounts they each hold personally.
- Passwords should be changed regularly; some work systems may remind you to do this, but not all will do so.
It will come as no surprise that 53% of people admit to saving passwords to internet browsers. This is inadvisable and certainly not suitable for work computers that are used by more than one person. Further, 41% of people use the same password for multiple accounts and, most surprisingly, nine per cent of respondents admitted to sharing their banking passwords with someone.
What does this imply for company passwords? Obviously, individual passwords should never be shared, even between colleagues. Mikko recommends a more realistic solution. “Do not try to remember your passwords. Use a password manager. That’s the only way to have a unique and strong password in every service. This is what I do.”
Naturally, you’ll need to do some research to figure out if you want to roll out this kind of solution in your practice, but it is food for thought.