IT Security and the Social Care Sector

Cybercrime has become an everyday occurrence, and it appears to be a phenomenon that is here to stay. In fact, cybercrime is on the increase, and experts predict the global cost will triple and hit $6 trillion annually by 2021.

There are many different types of cybercrime, with different objectives and differing levels of tactical sophistication. Businesses that neglect IT security will eventually become victims; it is only a matter of time. If you have an internet connection, you are a target.

The social care and charity sectors are particularly at risk. Budget constraints often mean that hardware and software are out of date and have many vulnerabilities that can be exploited by unscrupulous cybercriminals. A lack of user expertise can also mean that unsafe practices are in use, which can put data at risk. Poor password practices, shared machines, shared email accounts and a general lack of awareness around IT security can all cause big problems if left unaddressed.

At the beginning of 2017, Experian predicted that the health care sector would be the most heavily targeted vertical industry, and there have been some very high-profile attacks on the healthcare sector and the NHS in recent years.
This presents the sector with some very big problems going forward. Information governance and data protection are very prominent within CQC compliance. Add to that the changes in data protection law, with the General Data Protection Regulation (GDPR) set to come into force in May 2018, and there is a whole heap of pressure to make sure that IT security is a priority and that data is protected at all costs.

GDPR changes the game somewhat in data protection. It places the onus on organisations to prove that they have applied adequate technical and organisational measures to protect data. The consequences of a data breach will be potentially crushing. On top of the obvious issues that a loss of data in the social care sector would cause (bad publicity, loss of trust and potential lawsuits, to name but a few), there will also be vastly increased fines for those unable to prove that they have taken all the relevant measures to protect data.

With approximately one million viruses released into the wild every day, businesses and IT security vendors have their work cut out to stay ahead of the game. Leading cybersecurity experts are consistent in their advice in the fight against cybercrime and data theft: they all highly recommend a multi-layered approach to protecting IT systems. Nothing is 100% guaranteed to fight off every threat, but a multi-layered approach significantly improves the odds in our favour.

Organisations should put in place a robust IT security and disaster recovery policy incorporating most or all of the following:

• A quality anti-virus product

• A quality anti-spam product

• Strong password policy

• Auto-locking of idle machines

• Encryption software

• Data back-ups to a secure offsite location

• Multi-factor authentication

• Regular staff training – including developing awareness of the methods cybercriminals use to gain access to data.

To complicate matters further, although it is wise to set systems to apply automatic updates and patches, the complexity of individual IT systems and third-party or industry software packages can mean that updates and patches interfere with the smooth running of systems.

The simplest and most effective way to negotiate this issue, and to ensure that your IT systems are as up to date and protected as they can be, is to outsource to a quality IT support/IT security company. They will manage the process for you and push out updates and patches in a way that has the least impact on your systems in terms of downtime. They will also monitor your system and be aware of the latest threats, which takes away some of the stress, worry and responsibility from inexperienced staff members.

All that said, human error remains the most common factor in IT security breaches. Educating staff is as crucial as IT security products in the fight against cybercrime and data loss. Apathy is not an option. Staff must be made aware of the potential dangers contained within emails and social media, for example. Educating them on the consequences of data breaches and of non-compliance with GDPR and CQC requirements will go a long way towards making staff take IT security seriously.

The social care and charity sectors face some big challenges in this area in the years ahead. Organisations need to give IT security some serious thought and make it a priority sooner rather than later.

 

We hope you found this blog useful. If you would like any further advice or support in finding the right person for a management role in your social care service, we would be happy to consult with you and find a solution that will not only give you a return on your investment but also reduce your time to hire.

turro looks beyond the CV; turro finds out the values that drive each candidate to work in this very demanding yet rewarding sector.
