Among businesses, healthcare is one of the sectors most likely to hold personal data, with 81% of businesses stating they do, according to the Cyber Security Breaches Survey 2022, which makes them a target for cyber criminals.
And the most common attack is phishing.
Two further statistics from the survey raise the concern that healthcare companies may be at risk. Only 17% of businesses have had training or awareness-raising sessions on cyber security in the last 12 months, and only 19% of businesses have tested their staff with something like mock phishing exercises.
But your staff could be the biggest liability or strength when it comes to identifying phishing, so not showing them the range of malicious communications that cyber criminals are using, or not reviewing whether your current security awareness training is working, seems to be a serious oversight.
Your staff are likely to be the contact point where an attack will either succeed or fail, so training them to recognise and report phishing is essential. But there are also some technical controls that the National Cyber Security Centre recommends putting in place as part of a layered approach to phishing.

Further guidance and support

The ECRC is a police-led, not-for-profit organisation which companies can join for free.
Our core membership provides: