Back in May 2021, Ireland’s healthcare systems went offline because of a cyber-attack which resulted in 700 GB of medical data being stolen and 80% of the organisation’s data being encrypted. This caused amounts of huge disruption which included medical procedures being cancelled and major systems being taken offline.
A lessons learned report following this cyber-attack is now available, and you may ask yourself why this is important if you are not a business in the healthcare sector. However, many of the lessons that need to be acted upon are ones that could affect any business from any sector.
The key lessons were:
So, with these quite simple yet significant factors exposed, it’s a good opportunity for you to ask the below questions of your own company.
Sometimes mistakes are made, but it’s the response we take to reduce and remove the opportunity for these mistakes to reoccur that is critical. We can all learn from the Ireland Healthcare cyber-attack to ensure that as business owners, you have effective procedures in place should an incident occur within your business.
The Cyber Resilience Centre for the South East can help with developing and enhancing your processes, configuring your technology correctly, and upskilling your people to recognise and respond appropriately, therefore making you and organisation safer.
We offer a Cyber Security Policy review that will take a look into your current security policy, looking at how it is written and how it is implemented. We use key elements of the international information security management systems standard, which goes by the name of ISO/IEC 27001:2013’.
This forms the model for security policy reviews to identify any gaps, and to ensure that policy, procedure and technical controls implemented by your organisation are based on coherent risk management.
The policy should not be seen as a static document that you write once and only look at when it’s reviewed on an annual basis. It should be a live document that constantly changes as IT, network, and data security threats evolve and company changes occur.
It should clearly outline the guidelines for transferring company data, accessing private systems and devices, and using company-issued devices.
Get in touch with us today if you think your business could benefit from this service.
Click to Open Code Editor