Top tips for cybersecurity

For Cyber Security Month, Mike Fell, NHS Digital’s executive director of national cyber security operations laid out his top security tips for health and social care workers

Fell joined NHS Digital in April having previously worked in security at HMRC and the Foreign and Commonwealth Office.
    
He said: “From email and social media to online banking and shopping, it has never been so crucial to take vital cyber security steps to prevent criminals getting hold of data, devices and accounts.
    
“Here in the NHS, getting cyber security wrong has the potential to cause significant impacts across the health and care system.
    
“If a GP can’t access their system, they may not be able to share life-saving prescriptions with pharmacies or critical information with hospitals. Similarly, cyber attacks can cause cancelled appointments and surgeries, possibly resulting in care diversion to other hospitals.
    
“Cyber security is as important as health and safety, and in just the same way it’s the responsibility of every person in the NHS to understand security risks and what they can do to reduce them. Fortunately there are a few simple steps we can all take to ensure we stay cyber resilient at home and work.”

Strong password
Fell’s 8 top tips include using a strong password to make it difficult to crack. This means making it longer and more complex. It should be easy to remember but hard for someone else to guess.
    
He urged people to be aware of phishing scams which are getting cleverer and more realistic. Cyber criminals use email, websites and phone calls to steal information. Warning signs include spelling mistakes, incorrect branding, suspicious hyperlinks or urgent titles and requests. Suspicious emails should be reported to spamreports@nhs.net.
    
People should be mindful of what they share, for example by not wearing their ID pass out in public or sharing it on social media. Sharing information online means you are easier to socially engineer – this is when criminals use tricks or deception to manipulate people into giving them access to data or systems.

Watch out for tailgaters
Fell warned staff to watch out for tailgaters who could gain unauthorised entry to protected areas. Tailgaters could follow a member of staff through a security barrier to an area they are not authorised to be in. Staff are reminded to not be afraid to challenge or ask for ID.

Keep up to date with training
NHS staff should keep up to date with data training. The more you know, the less the risk of service disruption. Data breaches can lead to reputational damage, fines and most importantly, service disruption.
    
Fell reminded healthcare workers to never leave computer or mobile devices unlocked – an unlocked device is an easy target.
    
People are reminded to stay safe when using public WiFi and be careful when connecting to public or unknown networks.
    
Finally, Fell highlighted the resources that are available. NHS Digital’s Keep I.T. confidential campaign has an online security awareness toolkit. The toolkit includes practical steps for staff to implement in their everyday job such as those listed above including, secure passwords and keeping devices locked.
    
Fell concluded by saying: “I understand how busy everyone is across the NHS right now, but I would encourage everyone to make sure cyber security is a top priority.
    
“Once you start taking these small steps, they will become a natural part of your day-to-day work, which will in turn help to make a massive difference to protecting crucial information as well as the safety of patients.”