Mike Fell joined NHS Digital in April 2022 as the organisation’s new executive director of National Cyber Security Operations – having previously worked in senior security roles at HM Revenue and Customs (HMRC) and the Foreign and Commonwealth Office.
Mike said: “From email and social media to online banking and shopping, it has never been so crucial to take vital cybersecurity steps to prevent criminals from getting hold of data, devices and accounts.
“Here in the NHS, getting cybersecurity wrong can cause significant impacts across the health and care system.
“If a GP can’t access their system, they may not be able to share life-saving prescriptions with pharmacies or critical information with hospitals. Similarly, cyber attacks can cause cancelled appointments and surgeries, possibly resulting in care diversion to other hospitals.
“Cybersecurity is as important as health and safety, and in the same way, it’s the responsibility of every person in the NHS to understand security risks and what they can do to reduce them.
Here are a few simple steps to ensure we stay cyber resilient at home and at work:
Use a strong password
The longer and more complex your password, the more difficult it is to crack. Passwords should be easy to remember, but difficult for someone else to guess. The National Cyber Security Centre (NCSC) suggests you make sure that somebody who knows you well could not guess your password in 20 attempts. NSCS also recommends combining three random words to create a single password or you could use a password manager.
Beware of phishing scams
Cybercriminals can use email, websites and phone calls as a way to steal your information. They are getting cleverer and more realistic, so watch for warning signs such as incorrect branding, spelling mistakes, an email address with an irregular format, suspicious hyperlinks and an urgent title or request. And be sure to report any suspicious emails as an attachment.
Do not share or wear your identification card pass out in public or show it on social media. Social engineering is when criminals use tricks or deception to manipulate people into giving them access to data or systems. The more information you share about yourself online, the easier you are to be socially engineer.
Watch out for tailgaters
Tailgating is a physical security breach where an unauthorised person gains entry to protected areas by following a member of staff through security barriers like doors and gates. Don’t be afraid to ask for identification. Insider threats are real, so don’t be scared to challenge.
Keep up to date with data training
Knowing how to handle data will reduce the risk of service disruption. Utilising services can help monitor security events in real-time, enhancing your ability to prevent data breaches. Data breaches can lead to fines, disruption to services, and reputational damage. Make sure you understand and follow the latest guidance around data sharing.
Lock it down
Never leave your computer or mobile device unlocked. It is much easier to abuse an unlocked laptop than to hack into a network. Ensuring that your computer or mobile device is always locked when unattended is crucial for maintaining your personal and professional security. An unlocked device provides easy access for unauthorised users to compromise your data, install malicious software, or misuse your accounts.
By taking a few seconds to lock your screen, you greatly reduce the potential risks associated with leaving it unsecured. Simple actions like setting up a strong password or enabling biometric authentication add an extra layer of protection. Overall, locking down your devices is a basic but vital step in securing your digital life.
Stay safe when using public wifi
Do you know what network you are really connecting to? Stay safe when using public WiFi by always verifying the network name and using a virtual private network (VPN) to encrypt your data. Public WiFi can often be a target for cybercriminals looking to intercept sensitive information.
A good rule of thumb is to avoid conducting any sensitive transactions, like banking or shopping, over an unsecured network. Always keep your device’s software up to date, as security patches are regularly released to fix known vulnerabilities. Finally, turn off sharing settings for files and devices when connected to public networks to minimise risks.
Make use of the excellent resources available
Logit.io’s siem as a service and the NHS Digital’s keep IT confidential campaign is a fantastic way to help organisations promote good cyber security across their workforce.
The campaign has an online security awareness toolkit which includes practical steps that staff can adopt into their everyday job, such as setting secure passwords, keeping devices locked when they’re not in use, and being aware of phishing, email scams, and social engineering.
Mike added: “I understand how busy everyone is across the NHS right now, but I would encourage everyone to ensure cyber security is a top priority. Once you start taking these small steps, they will become a natural part of your day-to-day work, which will in turn help to make a massive difference in protecting crucial information as well as the safety of patients.”
