Mike Fell joined NHS Digital in April 2022 as the organisation’s new executive director of National Cyber Security Operations – having previously worked in senior security roles at HM Revenue and Customs (HMRC) and the Foreign and Commonwealth Office.
Mike said: ‘From email and social media to online banking and shopping, it has never been so crucial to take vital cyber security steps to prevent criminals from getting hold of data, devices and accounts.’
‘Here in the NHS, getting cyber security wrong can cause significant impacts across the health and care system.’
‘If a GP can’t access their system, they may not be able to share life-saving prescriptions with pharmacies or critical information with hospitals. Similarly, cyber attacks can cause cancelled appointments and surgeries, possibly resulting in care diversion to other hospitals.’
‘Cyber security is as important as health and safety, and in the same way, it’s the responsibility of every person in the NHS to understand security risks and what they can do to reduce them.
Few simple steps to ensure we stay cyber resilient at home and at work
Use a strong password
The longer and more complex your password, the more difficult it is to crack. Passwords should be easy to remember, but difficult for someone else to guess. The National Cyber Security Centre (NCSC) suggests you: make sure that somebody who knows you well could not guess your password in 20 attempts. NSCS also recommends combining three random words to create a single password or you could use a password manager.
Beware of phishing scams
Cybercriminals can use email, websites and phone calls as a way to steal your information. They are getting cleverer and more realistic, so watch for warning signs such as incorrect branding, spelling mistakes, an email address with an irregular format, suspicious hyperlinks and an urgent title or request. And be sure to report any suspicious emails as an attachment.
Do not share or wear your identification card pass out in public or show it on social media. Social engineering is when criminals use tricks or deception to manipulate people into giving them access to data or systems. The more information you share about yourself online, the easier you are to be socially engineer.
Watch out for tailgaters
Tailgating is a physical security breach where an unauthorised person gains entry to protected areas by following a member of staff through security barriers like doors and gates. Don’t be afraid to ask for identification. Insider threats are real, so don’t be scared to challenge.
Keep up to date with data training
Knowing how to handle data will reduce the risk of service disruption. Data breaches can lead to fines, disruption to services and reputational damage. Make sure you understand and follow the latest guidance around data sharing.
Lock it down
Never leave your computer or mobile device unlocked. It is much easier to abuse an unlocked laptop than to hack into a network.
Stay safe when using public WiFi
Do you know what network you are really connecting to?
Make use of the excellent resources available
NHS Digital’s Keep IT Confidential campaign is a fantastic way to help organisations promote good cyber security across their workforce.
The campaign has an online security awareness toolkit which includes practical steps that staff can adopt into their everyday job, such as setting secure passwords, keeping devices locked when they’re not in use, and being aware of phishing, email scams, and social engineering.
Mike added: ‘I understand how busy everyone is across the NHS right now, but I would encourage everyone to ensure cyber security is a top priority. Once you start taking these small steps, they will become a natural part of your day-to-day work, which will in turn help to make a massive difference in protecting crucial information as well as the safety of patients.’
