Keep IT Confidential is a free online cyber security awareness toolkit, aimed at NHS trusts and other healthcare bodies, about common-sense security practice and the impact it can have on patient safety.
It includes the physical world – such as unlocked computer screens (‘an open invitation to patient data theft’) and the risks from allowing tailgating – when unauthorised people gain entry to a building by following a staff member through doors. Steps that staff can adopt into their jobs include setting secure passwords, keeping devices locked when they’re not in use, and being aware of phishing, email scams and social engineering. Launched by NHS Digital’s Data Security Centre, the materials have been designed to help NHS bodies run their own cyber security awareness campaigns at a time and in a way that suits them.
After a first launch in 2019, additions cover data security and awareness of the impacts of sharing too much information.
NHS Digital’s Chief Information Security Officer, Neil Bennett said: “Taking small simple steps such as setting a strong password and keeping your screens and devices locked when they’re not in use, are vital for the NHS and patient safety. Considering cyber security in your day to day lives can make a huge difference and help to keep ourselves and patients protected online and in our workplaces.
“We know how busy NHS staff are, so we want to help them understand the importance of cyber security and how it can benefit their working lives in a quick and simple way.”
Visit https://digital.nhs.uk/keep-it-confidential.
Comment
Camille Charaudeau, VP Product Strategy at digital risk protection platform CybelAngel said: “An awareness of good cyber practices will always help to bolster security, particularly as humans can often be the weakest link, so it is important training is provided in a digestible way. Nonetheless, we need to remember staff aren’t the only link in the chain: Health organisations now rely extensively on third parties, and share information with an external ecosystem broader than ever.
“If these players do not apply the same security standards, they expose the whole chain to breaches. Therefore strong defences should be in place behind the scenes; continuous scanning for assets exposed outside of the perimeter is essential to quickly identify and plug data leaks to minimize operational downtimes and ultimately save lives.”
