Five Pillars of Cyber Essentials

This month we are marking Cybersecurity Awareness Week. Hundreds of events take place to remind us all why cyber security is so vital in both the public and private sectors. Wherever there is a computer, there is a potential cyber threat — and that includes our doctors’ surgeries and other health-related premises and systems. In this article we explore the cyber essentials you should be monitoring, and the NHS’s secure email standard for health and care organisations.

The Government and the National Cyber Security Centre (part of GCHQ) support the following five pillars of Cyber Essentials which you should always be mindful of:

1. Firewalls

Use firewalls and internet gateways to set permissions that define the boundaries of where the users of your systems can go.

2. Secure configuration

Failure to manage the proper configuration of your servers can lead to many different security problems and risks. Remember to:

•    remove unnecessary or no-longer-used accounts
•    always change default passwords to something else
•    disable any feature which might allow file execution without authorisation 
•    set strong passwords of a minimum of 8 characters

3. User access control

It is important to keep access to your data and services to a minimum. Otherwise, criminal hackers may find they have open, unfettered access to large amounts of sensitive data. It’s a good idea to:

•    make sure users of applications or devices have been authenticated
•    remove unnecessary or no-longer-used accounts
•    use 2-factor (or ‘multi’) authentication
•    ensure only admin accounts perform admin functions

4. Malware protection

Make sure you protect your business from malicious software, which is often aimed at accessing and even destroying the sensitive information you own. Did you know that 40% of UK organisations fell victim to an average of five ransomware attacks in 2017? Make sure you’re not one of these by:

•    keeping software up to date and not putting off updates
•    ensuring files are scanned automatically for viruses when they are downloaded or accessed
•    ensuring your browser or anti-virus software prevents connections to malicious (or potentially malicious) websites

5. Patch management

Hackers exploit known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated. Patch management is about keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks. Any software is prone to technical vulnerabilities. Once discovered and shared publicly, these can rapidly be exploited by cyber criminals. Recent data suggested that almost 60% of breaches suffered by organisations were because of unpatched vulnerabilities. You should always:

•    use only software that is licensed and still supported by the manufacturer
•    remove software from devices when it is no longer supported
•    ensure software is patched within 14 days of an update being issued, especially if the patch is critical or high risk.

Did you know there is also a Cyber Essentials readiness toolkit?

You can access it on the Resources page of the NCSC website, and the questions you answer will prompt you to think about whether you are doing enough of the right things to protect your organisation from common cyber threats.

Helpful policies on FPM Core – our market-leading policies and compliance software
FPM Members can find a Cyber Security Policy on our Core database, as well as an Online Video Consultation Policy.
Created by Jonathan Finch
Jonathan is the Web Content Editor at FPM Group. He writes about issues affecting the UK health and care sectors, and maintains resources and services that make healthcare professionals' lives easier.
