When a cyberattack hits a household name, it can make international news headlines. However, it is not just the larger companies that are vulnerable to this rapidly evolving form of online criminality. As soon as your organisation begins to use digital resources, whether a care management software system, an interactive website or even just an email account, you potentially open yourself up to attention from people seeking to make unwanted contact online.
Types of cyberattacks
In order to protect your business, it is vital to understand the different types of cyberattacks that you could be subjected to. These include:
- Ransomware – where hackers encrypt important files and digital systems to prevent you from operating and then demand a ransom payment to release or restore them. If the victim does not pay, the hacker threatens to delete important data, or sell it on for purposes such as identity fraud.
- Phishing – where criminals seek to steal personal data, including particularly sensitive details like bank account information, and other details that could help them carry out identity fraud on you or your residents.
- Malware – the criminal installs malicious software onto your IT systems that can interrupt operations, encrypt files or steal data. Malware can be introduced through downloading infected files or clicking on malicious links in emails or on websites.
- DDoS (Distributed Denial of Service) – this type of attack is intended to overwhelm and shut down an organisation’s online services or website by flooding them with traffic. It prevents bona fide users from accessing key resources, such as payroll, resident records or healthcare services. It can also seriously damage an organisation’s reputation and lead to loss of business and trust.
How to protect against them
The good news is that, as rapidly as these cyberattacks have arisen, solutions, protections and mitigations are evolving just as quickly. Care home managers have a number of tools at their disposal to protect important files and keep the personal data of their residents and staff members confidential and safe. For example, it is essential for any business to install anti-virus software, and to keep it as effective as possible by installing updates as they become available. These updates normally contain protections against new viruses and malware that may not even have existed when the previous version of the anti-virus software came out, so it is crucial to stay on top of the updates.
Another key weapon against cyberattacks is to have effective user control measures in place. In other words, restrict access to your IT systems to those who genuinely need it to carry out their work. Apply strong log-in measures, such as multi-factor authentication (e.g. asking users to enter both a password and a code that is sent to their mobile phone). Have a strong password management policy in place too – including making users change their passwords regularly to help keep your files safe. Make sure that people know not to share passwords or write them down, understand how to download files safely to avoid introducing malware and are provided with guidance on how to avoid being scammed by phishing attempts.
Pull all of this together by creating an overarching cybersecurity policy. This document will help everyone understand the protocols to follow and what they are allowed to do. The policy should cover all digital data, online resources such as websites and email accounts, social media use, file downloading rules and use of computers, tablets, smartphones and other devices for both business and personal tasks. Your policy should include a section on GDPR and how the personal data of residents, family members, suppliers and staff should be stored and protected. Other security measures include maintaining back-ups regularly so that your data isn’t kept in just one place – Care Vision’s cloud storage capabilities can help with this. Establish a disaster recovery plan and run it regularly to make sure that it remains fit for purpose.
Keep your care management software and your anti-virus protection updated so you are using the latest version possible. Invest in cybersecurity training for your staff too – they are the gatekeepers to your residents’ personal information. You may also wish to consider taking out cybersecurity insurance.