25th February 2020
Employees Keeping Your Data Safe .... Don’t Bank On IT!
In any Care Group, big or small, employees can be your biggest IT threat, and they might not even realise it. Care Groups already face countless cyberthreats, like data breaches, cyber-attacks, online viruses and malicious e-mails. But despite all these outside threats, the real problem can come from the inside.
One of the biggest threats to your business’s security is simply a lack of awareness on the part of your employees. It comes down to this: your employees just aren’t aware of current threats or how to safely navigate e-mails and the web. They might not be aware when they connect to a non secure WiFi network or if they even have a firewall. In addition lots of emails, web pages and pop ups are designed to look genuine and hackers are looking to purposely trick your employees with anything connected to the Internet.
The best preventative solution, in this case, is making sure employees are trained and can identify security and email threats, which in easier said and done as carers want to look after residents not look out for security threats. However a simple what to spot is easy and is something can take just 15 minutes to explain to carers in a group.
You should find a trainer that does not just deal with computer IT side of things, but also non IT areas that data could be stolen, breached or captured. At the very least have all your employees should be put on a training program for 15 to 20 minutes through videos or in person huddle training. Its good to look at any current training and find any gaps, or start putting together training if you don’t have it. You want a training program that covers all your gaps and gives your employees the knowledge and tools they need to keep themselves and your business secure. (Don’t know where to begin? Work with professional IT specialists that are also are aware of the NHS Toolkit, GDPR and Cyber Security specialists. They know what your employees NEED to know!)
Another major security threat is phishing e-mails. On any given day, you and your employees can be on the receiving end of 2-13 phishing email trying to steal your information, with fake pretending to be genuine e-mails. Data from Symantec shows that 71% of targeted cyber-attacks stem from phishing e-mails. While awareness regarding phishing scams is better than ever, it’s still far from perfect. And it doesn’t help that phishing e-mails have gotten more advanced.
Phishing e-mails are typically disguised as messages from a legitimate source, such as another member of staff, a bank or care provider. They try to trick recipients into clicking a link or opening a file (which you should NEVER do if you are not 100% sure about the source). But there are easy ways to identify scam e-mails:
1.They’re impersonal. They may be addressed to “customer,” “to whom it may concern” or “my friend.” But be careful – sometimes they are addressed properly and use your name.
2. They’re full of spelling and grammar errors. Not every phishing e-mail will have these errors, but it’s good to read e-mails word for word rather than just glancing over them. Unusual errors often mean a scam is lurking.
3. The “from” e-mail address is unfamiliar. This is one of the easiest ways to pinpoint a scam e-mail. Look at the sender, and if the address is filled with numbers, letters, misspelled words or is weirdly long, there’s a good chance it’s from a scammer.
The other major issue facing your care group is your operational or regional managers connecting to unsecured WiFi hot spots. It is such an easy mistake to make. Whether it’s a remote employee or an employee working during lunch at a corner café, you never know when they might connect to non-secure WiFi (it doesn’t help that it’s everywhere these days). One Spiceworks study found that upward of 61% of employees connect to non-secure public WiFi while working remotely.
The problem is, you never know who is watching or if the public WiFi is really the network you intend to connect to. Hackers can easily set up a “fake” network to divert traffic to their hot spot to circulate malware and steal data.
Another WiFi threat might be right at home. If you have employees who work from home, you need to make sure their home WiFi connection is secure. Too often, home users leave their WiFi wide-open because it’s home. They think no one’s going to sneak onto their WiFi or they don’t keep it secure because it’s easier to connect a lot of devices.
While it might be easier to connect to, it can cause huge problems. For one, WiFi signals can reach hundreds of feet. It’s easy to sit outside of a flat or house from the street and find lots of WiFi signals. If any of these signals are not secure, a hacker can sit outside undisturbed and go to work accessing data and planting malware.
It all comes back to this: Work with your employees to establish IT best practices. Educate them on threats and how to protect themselves and your company. Help them develop a positive IT security mindset at the office, at home or anywhere they work, whether they’re using company equipment or their own.
Don’t know where to start? Don’t worry – one phone call and we can help get you started with free 2 hours of training for each Care Home that calls us.. Don’t wait. Let’s secure your care group today – call us on 020 3475 6551
Working with the National Care Association we can run a check on your Care Group and find out if you have been hacked or if hackers have any of your passwords, just get in touch and we will perform this FREE check normally £750 and provide you will a full report.
Adam Abrahami the author helps Care Groups like The Bondcare Group and Draycot Nursing and Care improve CQC rating to Outstanding and make sure carers can spend more care with residents. The latest work involves ensuring Care Homes are part of the NHS Toolkit and are adequately protected against data breaches and cyber attacks.